

Hardy Barth Salia EV Charge Controller

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-05.json

Summary

Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.

The following versions of Hardy Barth Salia EV Charge Controller are affected:

- Salia Board Firmware <=2.3.81 (CVE-2025-5873, CVE-2025-10371)

| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.3 | Hardy Barth | Hardy Barth Salia EV Charge Controller | Unrestricted Upload of File with Dangerous Type |

Background

- Critical Infrastructure Sectors: Energy, Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany

Vulnerabilities

CVE-2025-5873

A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.3.81. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-5873

Affected Products

Hardy Barth Salia EV Charge Controller

- Vendor: Hardy Barth
- Product Version: Hardy Barth Salia Board Firmware: <=2.3.81
- Product Status: known_affected

Remediations

- Mitigation: Hardy Barth did not respond to CISA's request for coordination.
- Mitigation: Contact Hardy Barth using their contact page here: https://www.hardy-barth.de/de/kontakt for more information.
- Mitigation: Alternatively, Hardy Barth can also be contacted through their eCharge brand here: https://www.echarge.de/en/contact_company

Relevant


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05
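
A defender-side check for the CVE-2025-5873 entry in the advisory above, added here as an example and not taken from CISA or Hardy Barth: it scans access logs for requests that reach /firmware.php and classifies them by source network and method. The reverse proxy in front of the controller, its Common Log Format output, the management range 10.20.0.0/28 and every sample log line are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: controller traffic passes a reverse proxy logging in Common Log Format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # placeholder management range
UPLOAD_PATH = "/firmware.php"                        # file named in CVE-2025-5873


def _from_mgmt(src, nets):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(addr in net for net in nets)


def review_firmware_requests(lines, mgmt_nets=MGMT_NETS):
    """Classify every logged request that reaches /firmware.php."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode and normalise so percent-encoded or doubled-slash forms still match.
        path = unquote(m["target"].split("?", 1)[0])
        path = "/" + posixpath.normpath(path).lstrip("/")
        if path.lower() != UPLOAD_PATH:
            continue
        write = m["method"] in ("POST", "PUT")
        if _from_mgmt(m["src"], mgmt_nets):
            if not write:
                continue        # administrator viewing the page: expected
            verdict = "upload-from-mgmt"   # correlate with a planned firmware update
        else:
            verdict = "upload-from-untrusted" if write else "reachable-from-untrusted"
        findings.append((m["src"], m["method"], int(m["status"]), verdict))
    return findings


SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '10.20.0.5 - - [01/Jan/2026:09:00:01 +0000] "GET /firmware.php HTTP/1.1" 200 5120',
    '10.20.0.5 - - [01/Jan/2026:09:01:10 +0000] "POST /firmware.php HTTP/1.1" 200 310',
    '203.0.113.45 - - [01/Jan/2026:11:32:44 +0000] "POST //%66irmware.php?x=1 HTTP/1.1" 200 96',
    '198.51.100.7 - - [01/Jan/2026:12:02:03 +0000] "GET /firmware.php HTTP/1.1" 401 0',
    '198.51.100.7 - - [01/Jan/2026:12:02:09 +0000] "GET /index.php HTTP/1.1" 200 2048',
]
```

Any "reachable-from-untrusted" result means the Web UI is exposed beyond the management network, which is worth closing at the network layer given that the advisory lists no vendor fix.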


Shared on IT-Hub by admin