Hardy Barth Salia EV Charge Controller
Monitor | CVSS 7.3 | ICS-CERT ICSA-26-111-05 | Apr 21, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Hardy Barth Salia Board Firmware versions 2.3.81 and earlier contain file upload validation and buffer overflow vulnerabilities. Successful exploitation could crash the charge controller or allow remote code execution. The vendor did not respond to CISA coordination requests, and no patch status has been disclosed.
What this means
What could happen
An attacker could crash the Salia EV charge controller or potentially execute arbitrary code on it, interrupting electric vehicle charging operations and potentially affecting grid stability if multiple chargers are compromised.
Who's at risk
EV charging station operators and municipal electric utilities deploying Hardy Barth Salia Board charge controllers should evaluate risk, particularly if chargers are reachable from administrative networks or the internet. This affects any facility managing networked EV charging infrastructure.
How it could be exploited
An attacker with network access to the Salia Board could exploit a file upload vulnerability (CWE-434) to upload a malicious file, triggering a buffer overflow condition that either crashes the device or allows remote code execution with control over charging operations.
Prerequisites
- Network access to the Salia Board Firmware device
- No authentication credentials required
Tags: remotely exploitable, no authentication required, low complexity, no patch available, buffer overflow may enable code execution
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
Salia Board Firmware | ≤ 2.3.81 | No fix yet
Remediation & Mitigation
Do now
HOTFIX: Contact Hardy Barth directly via their contact page (https://www.hardy-barth.de/de/kontakt) or eCharge brand contact (https://www.echarge.de/en/contact_company) to inquire about available firmware updates or security patches for your Salia Board
WORKAROUND: Restrict network access to the Salia Board Firmware device to only authorized charging management networks and administrative workstations; implement firewall rules to block unexpected inbound connections
Long-term hardening
HARDENING: Segment EV charging infrastructure onto a dedicated network separate from critical utility control systems to limit lateral movement if a charger is compromised
CVEs (2)