Executive Summary
In April 2026, CISA disclosed two critical vulnerabilities in Hardy Barth's Salia EV Charge Controller firmware versions up to 2.3.81. Identified as CVE-2025-5873 and CVE-2025-10371, these flaws allow remote attackers to upload malicious files via the web interface, potentially leading to remote code execution. Despite public proof-of-concept exploits being available, Hardy Barth has not responded to coordination requests, leaving systems at risk.
This incident underscores the growing cybersecurity challenges in the EV infrastructure sector. The lack of vendor response highlights the need for proactive security measures and vigilant monitoring to protect critical energy and transportation systems from emerging threats.
Why This Matters Now
The vulnerabilities in Hardy Barth's Salia EV Charge Controllers expose critical infrastructure to potential remote attacks, emphasizing the urgent need for enhanced security protocols and vendor accountability in the rapidly expanding EV sector.
Attack Path Analysis
An attacker exploited unrestricted file upload vulnerabilities in the Hardy Barth Salia EV Charge Controller's web interface to gain initial access. They then escalated privileges by executing arbitrary code, allowing them to move laterally within the network. Establishing command and control, the attacker exfiltrated sensitive data, leading to significant operational disruption.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited unrestricted file upload vulnerabilities in the web interface of the Hardy Barth Salia EV Charge Controller to upload malicious files, gaining unauthorized access.
Related CVEs
CVE-2025-5873
CVSS 6.3
An unrestricted file upload vulnerability in the web interface allows an authenticated remote attacker to execute arbitrary code.
Affected Products:
Hardy Barth Salia EV Charge Controller – <=2.3.81
Exploit Status:
proof of concept
CVE-2025-10371
CVSS 7.3
An unrestricted file upload vulnerability in the API allows an unauthenticated remote attacker to execute arbitrary code.
Affected Products:
Hardy Barth Salia EV Charge Controller – <=2.3.81
Exploit Status:
proof of concept
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Web Shell
Command and Scripting Interpreter
Valid Accounts
Endpoint Denial of Service
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
NIST SP 800-53 – Information Input Validation
Control ID: SI-10
PCI DSS 4.0 – Security of System Components
Control ID: 6.2.1
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 6
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
CISA Zero Trust Maturity Model 2.0 – Identity
Control ID: Pillar 2
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Automotive
EV charging infrastructure vulnerabilities enable remote code execution, compromising vehicle charging networks and creating safety risks for electric vehicle operations.
Utilities
Electric grid charging stations face critical security gaps allowing unauthorized access, potentially disrupting power distribution and energy management systems nationwide.
Transportation
Public and commercial EV charging networks vulnerable to remote attacks, threatening transportation electrification initiatives and fleet charging infrastructure security.
Oil/Energy/Solar/Greentech
Renewable energy charging infrastructure exposed to unrestricted file uploads and buffer overflows, compromising clean energy transition and grid modernization efforts.
Sources
- Hardy Barth Salia EV Charge Controller: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05 (Verified)
- CVE-2025-5873 Detail: https://nvd.nist.gov/vuln/detail/CVE-2025-5873 (Verified)
- CVE-2025-10371 Detail: https://nvd.nist.gov/vuln/detail/CVE-2025-10371 (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and controlled egress policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access may have been limited to the compromised device, reducing the potential for further exploitation.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges may have been constrained, limiting their control over the compromised device.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement could have been restricted, reducing the scope of the breach.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels may have been detected and disrupted.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts could have been blocked, preventing sensitive information from leaving the network.
The operational impact may have been minimized, preserving service availability.
Impact at a Glance
Affected Business Functions
- EV Charging Operations
- Billing Systems
- Customer Data Management
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of customer PII and billing information.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict lateral movement within the network.
- Deploy Inline IPS (Suricata) to detect and prevent malicious file uploads.
- Utilize Egress Security & Policy Enforcement to monitor and control outbound traffic.
- Enhance Threat Detection & Anomaly Response capabilities to identify and respond to suspicious activities.
- Regularly update and patch systems to mitigate known vulnerabilities.



