Heavy load for cybersecurity week. For Part 1 this week we have 32 vendor disclosures from ABB, Broadcom (14), FortiGuard (9), Hitachi, HMS, and HP (7). This is a three-part week.
Advisories
ABB Advisory - ABB published an
advisory that describes a plaintext storage of password vulnerability in
their System 800xA DCS.
Broadcom Advisory #1 - Broadcom published an
advisory that discusses a missing memory release after effective lifetime vulnerability
in their Brocade SANnav and Brocade Support Link products.
Broadcom Advisory #2 - Broadcom published an
advisory that describes a use of broken or risky cryptographic algorithm
vulnerability in their Brocade SANnav product.
Broadcom Advisory #3 - Broadcom published an
advisory that describes a use of broken or risky cryptographic
algorithm vulnerability in their Brocade SANnav product.
Broadcom Advisory #4 - Broadcom published an
advisory that describes an execution with unnecessary privileges
vulnerability in their Brocade SANnav product.
Broadcom Advisory #5 - Broadcom published an
advisory that describes a debug message revealing unnecessary information
vulnerability in their Brocade SANnav product.
Broadcom Advisory #6 - Broadcom published an
advisory that describes a cleartext storage of sensitive information
vulnerability in their Brocade SANnav product.
Broadcom Advisory #7 - Broadcom published an
advisory that discusses seven vulnerabilities in their Brocade SANnav
product. These are third-party vulnerabilities.
Broadcom Advisory #8 - Broadcom published an
advisory that discusses six vulnerabilities in their Brocade SANnav
product. These are third-party (Oracle) vulnerabilities.
Broadcom Advisory #9 - Broadcom published an
advisory that discusses two vulnerabilities in their Brocade SANnav
product.
Broadcom Advisory #10 - Broadcom published an
advisory that describes an SQL injection vulnerability in their Brocade
SANnav product.
Broadcom Advisory #11 - Broadcom published an
advisory that discusses an allocation of resources without limit or
throttling vulnerability in their Brocade SANnav product.
Broadcom Advisory #12 - Broadcom published an
advisory that discusses an out-of-bounds write vulnerability in their Brocade
SANnav and Brocade Support Link.
Broadcom Advisory #13 - Broadcom published an
advisory that discusses a remote code execution vulnerability in their Brocade
SANnav and Brocade Support Link.
Broadcom Advisory #14 - Broadcom published an
advisory that discusses 60 vulnerabilities in their Brocade SANnav product.
FortiGuard Advisory #1 - FortiGuard published an advisory that
describes an exposure of sensitive information to an unauthorized actor
vulnerability in their FortiAnalyzer products.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes
a use of an externally controlled format string vulnerability in multiple FortiGuard
products.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes
an insertion of sensitive information into log files vulnerability in their
FortiAnalyzer and FortiManager products.
FortiGuard Advisory #4 - FortiGuard published an advisory that describes
a cross-site scripting vulnerability in their FortiSandbox products.
FortiGuard Advisory #5 - FortiGuard published an advisory that describes
a path traversal vulnerability in their FortiAnalyzer and FortiManager
products.
FortiGuard Advisory #6 - FortiGuard published an advisory that describes
an OS command injection vulnerability in multiple FortiGuard products.
FortiGuard Advisory #7 - FortiGuard published an advisory that describes an incorrect privilege
assignment vulnerability in their FortiOS product.
FortiGuard Advisory #8 - FortiGuard published an advisory that describes
a stack-based buffer overflow vulnerability in their FortiOS product.
FortiGuard Advisory #9 - FortiGuard published an advisory that describes
a use of hard-coded cryptographic key vulnerability (with publicly available
exploit) in FortiManager and FortiManager Cloud products.
Hitachi Advisory - Hitachi published an
advisory that discusses an incorrect authorization vulnerability in the Hitachi
Cosminexus Developer's Kit for Java.
HP Advisory #1 - HP published an
advisory that describes three vulnerabilities in multiple LaserJet
printers.
HP Advisory #2 - HP published an
advisory that discusses three vulnerabilities in multiple HP PCs.
HP Advisory #3 - HP published an
advisory that discusses five vulnerabilities in multiple HP PCs.
HP Advisory #4 - HP published an
advisory that discusses an uncontrolled search path element vulnerability
in multiple HP notebook and desktop computers.
HP Advisory #5 - HP published an
advisory that discusses an improper FSM in hardware logic vulnerability in
multiple HP computers.
HP Advisory #6 - HP published an
advisory that discusses nine vulnerabilities in HP workstations.
HP Advisory #7 - HP published an
advisory that discusses two vulnerabilities in multiple HP computers.
For more information on these advisories, including links to
3rd party advisories, researcher reports, and exploits, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-177
- subscription required.