Critical Flaws in Hardy Barth EV Chargers Allow Remote Code Execution

---
title: "Critical Flaws in Hardy Barth EV Chargers Allow Remote Code Execution"
short_title: "Hardy Barth EV chargers vulnerable to RCE attacks"
description: "Two critical vulnerabilities in Hardy Barth Salia EV Charge Controllers enable remote code execution and device crashes. Learn mitigation steps and protect your infrastructure now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [ev chargers, cve-2025-5873, cve-2025-10371, rce, cybersecurity]
score: 0.85
cve_ids: [CVE-2025-5873, CVE-2025-10371]
---

## TL;DR
Two vulnerabilities (CVE-2025-5873 and CVE-2025-10371) in Hardy Barth Salia EV Charge Controllers let an attacker upload arbitrary files to the device, which can lead to remote code execution or to a crash of the controller. Firmware versions up to and including 2.3.81 are affected, public proof-of-concept code exists for both issues, and no vendor fix is available. The energy and transportation sectors worldwide are exposed. Mitigation comes down to isolating the devices from untrusted networks, watching the two affected endpoints for unexpected requests, and contacting Hardy Barth for updates.



### Critical Vulnerabilities Expose EV Chargers to Remote Attacks
Electric vehicle (EV) charging infrastructure is under threat from two newly disclosed vulnerabilities in Hardy Barth Salia EV Charge Controllers. The flaws, tracked as CVE-2025-5873 and CVE-2025-10371, allow unrestricted file upload through two web endpoints of the controller and can lead to remote code execution (RCE) or a device crash. With CVSS v3.1 base scores of 6.3 and 7.3 respectively, publicly available proof-of-concept code, and no vendor patch, these vulnerabilities demand immediate attention from organizations operating affected systems.


### Key Points
- Affected Systems: Hardy Barth Salia EV Charge Controllers running firmware ≤2.3.81.
- Vulnerabilities:
  - CVE-2025-5873: Unrestricted file upload via the /firmware.php endpoint in the Web UI (media argument).
  - CVE-2025-10371: Unrestricted file upload via the /api.php endpoint (setrfidlist argument).
- Impact: Remote code execution, device crashes, and potential compromise of critical infrastructure.
- Sectors at Risk: Energy and Transportation Systems, with global deployment.
- Vendor Response: Hardy Barth has not responded to CISA's coordination requests; no official patch or guidance exists.


### Technical Details
#### CVE-2025-5873
- Type: Unrestricted Upload of File with Dangerous Type.
- Vector: Exploitable via the Web UI (/firmware.php) by manipulating the media argument.
- CVSS Score: 6.3 (Medium).
- Attack Vector: Remote (network-reachable); low privileges on the Web UI are required.
- Public Exploit: A Proof of Concept (PoC) has been disclosed, increasing the risk of exploitation.

#### CVE-2025-10371
- Type: Unrestricted Upload of File with Dangerous Type.
- Vector: Exploitable via the /api.php endpoint by manipulating the setrfidlist argument.
- CVSS Score: 7.3 (High).
- Attack Vector: Remote (network-reachable); no authentication or privileges required.
- Public Exploit: A PoC is publicly available, heightening the urgency for mitigation.

Both vulnerabilities are instances of CWE-434 (Unrestricted Upload of File with Dangerous Type)[^2]: the affected endpoints accept an uploaded file without adequately validating its type, name or destination. An attacker who reaches /firmware.php or /api.php can therefore place content of their choosing on the controller, which is what makes the outcome either code execution (if the file is later executed or interpreted by the device) or a crash (if it corrupts firmware or configuration the device depends on). Because CVE-2025-10371 needs no credentials, any network position that can reach the controller's web interface is enough.


### Impact Assessment
The exploitation of these vulnerabilities could have far-reaching consequences:
- Operational Disruption: Attackers could crash EV charging stations, causing downtime and financial losses.
- Critical Infrastructure Risk: Energy and transportation sectors rely on EV chargers, making them high-value targets for cybercriminals.
- Global Exposure: Hardy Barth chargers are deployed worldwide, amplifying the potential impact.
- Lack of Vendor Coordination: Hardy Barth’s failure to respond to CISA’s requests leaves organizations without official patches or guidance.


### Mitigation Steps
Given the absence of official patches, organizations must take proactive measures to minimize risks:

1. Isolate Affected Devices:
   - Ensure EV charge controllers are not reachable from the internet; scan your public address space for their web interface to confirm.
   - Place devices behind firewalls and segment them from business networks, allowing access to the controller's web interface only from a dedicated management network.

2. Use Secure Remote Access:
   - If remote access is necessary, route it through a Virtual Private Network (VPN) and keep the VPN endpoints patched.
   - Note: a VPN is only as secure as the devices connected to it; a compromised operator laptop on the VPN can still reach the controller.

3. Contact Hardy Barth:
   - Reach out to Hardy Barth via their contact page or their eCharge brand for firmware updates and guidance.

4. Monitor for Exploitation:
   - Deploy intrusion detection (IDS) or reverse-proxy logging in front of the controllers and alert on write requests to /firmware.php and on requests to /api.php that carry the setrfidlist argument, especially from addresses outside the management network.
   - Follow CISA's recommended practices for control systems security.

5. Conduct Risk Assessments:
   - Perform impact analysis and risk assessments before deploying defensive measures, so that a mitigation (for example, blocking an endpoint) does not itself take chargers offline.
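The detection in step 4 can be scripted against ordinary web-server access logs. The following is an added example written for this article, not Hardy Barth code and not a CISA or vendor signature. It uses only the two endpoints and argument names stated in the Technical Details section; everything else is an assumption: that the controller, or a reverse proxy in front of it, writes Combined Log Format lines, that the `media` and `setrfidlist` arguments are visible in the request line (an argument carried only in a POST body would need body inspection at the proxy or IDS), that the management network is 10.20.30.0/24, and that the sample log lines, addresses and the `status` query parameter are constructed for the example.

```python
"""Flag access-log requests matching the upload vectors for CVE-2025-5873
(/firmware.php, 'media' argument) and CVE-2025-10371 (/api.php,
'setrfidlist' argument).

Illustrative code for this article; not Hardy Barth code and not a published
signature. Assumptions (not from the advisory): Combined Log Format input,
arguments visible in the query string, management network 10.20.30.0/24.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

MGMT_NET = ipaddress.ip_network("10.20.30.0/24")  # assumption for the example

# Endpoint -> (argument the advisory names, CVE). Both pairs come from the page.
UPLOAD_VECTORS = {
    "/firmware.php": ("media", "CVE-2025-5873"),
    "/api.php": ("setrfidlist", "CVE-2025-10371"),
}

# Combined Log Format up to the response size; referer/user-agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass(frozen=True)
class Finding:
    src: str
    method: str
    path: str
    cve: str
    severity: str  # high / medium / low
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if it is not of interest."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line; a real pipeline would count these too
    url = urlsplit(m["target"])
    vector = UPLOAD_VECTORS.get(url.path)
    if vector is None:
        return None  # some other page, not one of the two vulnerable endpoints
    arg, cve = vector
    try:
        outside = ipaddress.ip_address(m["ip"]) not in MGMT_NET
    except ValueError:
        outside = True  # hostname or garbage in the client field: treat as untrusted
    args = parse_qs(url.query, keep_blank_values=True)

    if arg in args:
        # The exact argument the advisory says is manipulated is present.
        reason = f"request carries the '{arg}' argument"
    elif url.path == "/firmware.php" and m["method"] in ("POST", "PUT"):
        # Firmware uploads should be rare and planned; every write here is worth a ticket.
        reason = "write request to the firmware upload endpoint"
    elif outside:
        # No upload vector, but the controller's web interface was reached from
        # a network that the segmentation guidance says should not see it.
        return Finding(m["ip"], m["method"], url.path, cve, "low",
                       "controller endpoint reached from outside the management network")
    else:
        return None  # ordinary API use from the management network
    return Finding(m["ip"], m["method"], url.path, cve,
                   "high" if outside else "medium", reason)


def scan(log_text: str) -> list:
    """Classify every line of an access log and return the findings in order."""
    return [f for f in (classify(line) for line in log_text.splitlines()) if f]


# Constructed sample log: addresses and the 'status' parameter are made up
# for this example and are not taken from a real device.
SAMPLE_LOG = """\
10.20.30.5 - - [24/Jan/2025:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 1532
10.20.30.5 - - [24/Jan/2025:10:02:10 +0000] "POST /firmware.php HTTP/1.1" 200 212
203.0.113.7 - - [24/Jan/2025:10:05:44 +0000] "POST /firmware.php?media=update HTTP/1.1" 200 212
203.0.113.7 - - [24/Jan/2025:10:06:01 +0000] "POST /api.php?setrfidlist=1 HTTP/1.1" 200 18
10.20.30.9 - - [24/Jan/2025:10:07:30 +0000] "GET /api.php?status=1 HTTP/1.1" 200 96
203.0.113.7 - - [24/Jan/2025:10:08:12 +0000] "GET /api.php?status=1 HTTP/1.1" 200 96
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.src:<13} {f.method} {f.path} {f.cve}: {f.reason}")
```

Run against the constructed sample, the script reports the in-network firmware upload as medium (a legitimate maintenance action still worth a ticket), the two requests from 203.0.113.7 that carry the named arguments as high, and the plain /api.php read from outside the management network as low; the ordinary in-network API read produces no finding. Tune MGMT_NET and the log regex to the real environment, and remember that a POST body is not visible in an access log, so the proxy or IDS must inspect bodies to catch an argument sent that way.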


### Affected Systems
| Vendor | Product | Affected Versions | Vulnerabilities |
|-----------------|--------------------------------------|-------------------------------------|---------------------------------------------|
| Hardy Barth | Salia EV Charge Controller | Firmware ≤2.3.81 | CVE-2025-5873, CVE-2025-10371 |


## Conclusion
The discovery of CVE-2025-5873 and CVE-2025-10371 in Hardy Barth EV Charge Controllers underscores the growing cybersecurity risks in critical infrastructure. With no official patches and publicly available exploits, organizations must act swiftly to isolate devices, implement defensive measures, and monitor for threats. The lack of vendor response further complicates mitigation efforts, highlighting the need for proactive cybersecurity strategies in the EV charging ecosystem.

For more details, refer to CISA's official advisory[^1].

---
## References
[^1]: CISA. "ICSA-26-111-05 Hardy Barth Salia EV Charge Controller". Retrieved 2025-01-24.
[^2]: MITRE. "CWE-434: Unrestricted Upload of File with Dangerous Type". Retrieved 2025-01-24.
[^3]: NVD. "CVE-2025-5873 Detail". Retrieved 2025-01-24.
[^4]: NVD. "CVE-2025-10371 Detail". Retrieved 2025-01-24.
