ICS ADVISORY: Cybersecurity and Infrastructure Security Agency FLAGS REMOTE CODE EXECUTION RISK IN HARDY BARTH SALIA EV CHARGE CONTROLLER THROUGH FILE UPLOAD AND BUFFER OVERFLOW FLAWS

Threat Summary

Category: Industrial Control System Vulnerability / Remote Code Execution
Features: Buffer overflow condition, unrestricted file upload, device crash potential, remote execution pathway, publicly identified proof-of-concept
Delivery Method: Network-based exploitation via crafted file upload or malformed input targeting firmware-level weaknesses
Threat Actor: Unauthenticated or low-access remote attacker

---

An ICS advisory issued under federal infrastructure security oversight identifies multiple vulnerabilities in the Hardy Barth Salia EV Charge Controller that introduce both denial-of-service and remote code execution conditions. The flaws affect Salia Board Firmware versions 2.3.81 and earlier and are tracked under CVE-2025-5873 and CVE-2025-10371.

The vulnerabilities include an unrestricted upload of file with dangerous type and a buffer overflow condition. Combined, these weaknesses create a pathway where an attacker can deliver crafted payloads to the device, potentially executing arbitrary code or forcing the system into a crash state.

The Hardy Barth Salia EV Charge Controller operates within electric vehicle charging infrastructure, managing charging sessions, device communication, and system-level control functions tied to energy delivery. As part of the broader EV ecosystem, these controllers interact with networked systems, backend services, and grid-connected environments.

The identified vulnerabilities compromise the integrity of those interactions. The unrestricted file upload flaw allows malicious files to be introduced into the system without sufficient validation. When combined with the buffer overflow condition, the device may process crafted inputs in a way that exceeds memory boundaries, leading to execution of attacker-controlled instructions.

This interaction creates a dual-risk scenario. In one condition, the device can be forced into a crash state, interrupting charging operations and creating service disruption. In another condition, a more controlled exploit may allow execution of arbitrary code, enabling persistent access, manipulation of device behavior, or lateral movement into connected systems.

A publicly available proof-of-concept linked to these vulnerabilities indicates that exploitation pathways are already understood at a technical level. This reduces the barrier to entry for attackers and increases the likelihood of replication across exposed environments.

---

Infrastructure at Risk

Electric vehicle charging infrastructure represents the primary exposure surface, particularly within energy and transportation sectors where these controllers are deployed at scale. Public charging stations, fleet charging networks, and distributed energy systems integrating EV infrastructure are all within scope.

Devices accessible over network interfaces or deployed without strict segmentation controls face elevated risk. Charging infrastructure connected to centralized management systems or integrated into smart grid environments introduces additional exposure layers, where compromise of a single controller may influence broader operational systems.

---

Policy / Allied Pressure

Energy and transportation systems remain high-priority sectors within critical infrastructure protection frameworks. Vulnerabilities that enable remote code execution within EV charging systems introduce concerns beyond device-level compromise, extending into grid interaction, service continuity, and infrastructure resilience.

The emergence of vulnerabilities in EV infrastructure aligns with increased regulatory attention on securing distributed energy assets and ensuring that rapidly expanding charging networks maintain hardened security postures.

---

Vendor Defense / Reliance

The advisory identifies the affected firmware versions and underscores the need for immediate mitigation through version updates and controlled deployment practices. Security posture depends on restricting exposure, enforcing network isolation, and preventing direct internet access to control system devices.

Operational reliance on default configurations or unsegmented deployments increases risk. Effective mitigation requires both firmware updates and strict adherence to industrial network security practices.

---

Forecast — 30 Days

• Increased scanning for exposed EV charge controllers running vulnerable firmware
• Replication of proof-of-concept exploit techniques across test environments
• Opportunistic attacks targeting publicly accessible charging infrastructure
• Elevated risk in fleet and distributed charging systems lacking segmentation
• Gradual integration of EV infrastructure exploits into broader ICS attack frameworks

---

TRJ Verdict

This vulnerability set introduces a direct execution pathway inside a device class that sits at the intersection of energy delivery and transportation infrastructure. EV charging systems are not isolated endpoints. They are networked control units interacting with payment systems, grid interfaces, and operational platforms.

A buffer overflow combined with unrestricted file upload is not a minor defect. It is an entry point. Once code execution is achieved, the device becomes a controllable node within a larger infrastructure system.

The presence of a public proof-of-concept shifts this from theoretical exposure to actionable risk. Attackers do not need to discover the flaw. They need only adapt what is already available.

As EV infrastructure expands, the attack surface expands with it. Each deployed controller becomes part of a distributed network where trust, availability, and control must be maintained under increasing pressure.

Failure to isolate, update, and secure these systems introduces avoidable risk into sectors that depend on continuous operation and reliable energy flow.

---

---

---

---

---

---

---

---

🔥 NOW AVAILABLE! 🔥

‎👉 Eclipsera – Apple Music

---

---

---

---

---