Sunday, April 19, 2026

Review - Public ICS Disclosures – Week of 4-11-26 – Part 2

For Part 2 we have four additional vendor disclosures from ABB and Supermicro (3). We also have 20 bulk vendor updates from Schneider (7) and Siemens (13). There are two additional vendor updates from Moxa (2). We also have four researcher reports of vulnerabilities in products from Lab Center (4). Finally, we have three exploits published for vulnerabilities in products from FortiGuard and Siemens (2).

Advisories  

ABB Advisory - ABB published an advisory that describes an improper validation of specified quantity in input vulnerability in their AC800M and Symphony Plus product lines.

Supermicro Advisory #1 - Supermicro published an advisory that discusses a missing lock check vulnerability in multiple Supermicro products. 

Supermicro Advisory #2 - Supermicro published an advisory that discusses a missing lock check vulnerability in multiple Supermicro products. 

Supermicro Advisory #3 - Supermicro published an advisory that discusses an access of memory location after end of buffer vulnerability in multiple Supermicro products. 

Bulk Vendor Updates – Schneider 

• Modicon M340 Controller and Communication Modules 

• Modicon M340 and BMXNOE0100/0110, BMXNOR0200 Communication Modules,

• Modicon Controllers M340 / Momentum / MC80, 

• Modbus/TCP Ethernet Modicon M340 module, and Modbus/TCP Ethernet Modicon M340 FactoryCast module,

• EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 Safety PLCs,

• EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 CPU Safety, and 

• Modicon Controllers. 

Bulk Vendor Updates – Siemens  

• Frame Aggregation and Fragmentation Vulnerabilities in 802.11, 

• Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices, 

• Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices, 

• Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module, 

• Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products, 

• Multiple Web Vulnerabilities in SCALANCE Products,  

• Denial of Service Vulnerability in Profinet Devices,  

• Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products,  

• Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products,  

• Multiple Local Privilege Escalation Vulnerabilities in SINEC NMS and User Management Component (UMC),  

• OpenSSL Vulnerability in Industrial Products,

• Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs, and

• XML External Entity (XXE) Injection Vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER.

Updates  

Moxa Update #1 - Moxa published an update for their Ethernet Switches advisory that was originally published on February 4th, 2026. 

Moxa Update #2 - Moxa published an update for their Diffie-Hellman Key Exchange Protocol advisory that was originally published on June 2nd, 2025, and most recently updated on February 4th, 2026.

Researcher Reports  

Lab Center Reports - ZDI published four reports describing vulnerabilities in the Lab Center Proteus printed circuit board design suite. 

Exploits  

FortiGuard Exploit - Samuel de Lucas published an exploit for an OS command injection vulnerability in the FortiGuard FortiSandbox product.

Siemens Exploit #1 - S. Dietz published an exploit for an out-of-bounds write vulnerability in the Siemens SICAM 8 products.

Siemens Exploit #2 - S. Dietz, et al., published an exploit for an allocation of resources without limit or throttling vulnerability in the Siemens SICAM 8 products.

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-9f5 - subscription required. 
