Review – Public ICS Disclosures – Week of 2-8-25 – Part 2

For Part 2 we have 28 additional vendor disclosures from HPE (15), Insyde, Kunbus, Palo Alto Networks (10), and Philips.

Advisories

HPE Advisory #1 - HPE published an advisory that discusses an incorrect execution-assigned permissions vulnerability in their Intel E810 Series Ethernet Controllers.

HPE Advisory #2 - HPE published an advisory that discusses an uncontrolled search path element vulnerability in their Ethernet Adapters.

HPE Advisory #3 - HPE published an advisory that discusses four vulnerabilities in their Unified OSS Console and HPE Unified OSS Assurance Monitoring software.

HPE Advisory #4 - HPE published an advisory that discusses three vulnerabilities in their StoreEasy Servers.

HPE Advisory #5 - HPE published an advisory that discusses three vulnerabilities in their ProLiant DL/ML/XL, Alletra, Edgeline and Synergy Servers.

HPE Advisory #6 - HPE published an advisory that discusses a sequence of processor instructions leads to unexpected behavior vulnerability in their StoreEasy Servers.

HPE Advisory #7 - HPE published an advisory that discusses an improper FMS in hardware logic vulnerability in their HPE StoreEasy Servers.

HPE Advisory #8 - HPE published an advisory that discusses an improper access control vulnerability in their StoreEasy Servers.

HPE Advisory #9 - HPE published an advisory that discusses an execution with unnecessary privileges vulnerability in their SimpliVity AMD Servers.

HPE Advisory #10 - HPE published an advisory that discusses two improper input validation vulnerabilities in their SimpliVity AMD Servers.

HPE Advisory #11 - HPE published an advisory that discusses an improper access control vulnerability in their ProLiant DL/ML, Alletra, Apollo, Edgeline, MicroServer and Synergy Servers.

HPE Advisory #12 - HPE published an advisory that discusses an improper FMS in hardware logic vulnerability in their ProLiant DL/ML, Alletra, Edgeline and Synergy Servers.

HPE Advisory #13 - HPE published an advisory that discusses a sequence of processor instructions leads to unexpected behavior vulnerability in their ProLiant DL/ML, Alletra, Edgeline and Synergy Servers.

HPE Advisory #14 - HPE published an advisory that discusses two improper input validation vulnerabilities in their ProLiant AMD Servers.

HPE Advisory #15 - HPE published an advisory that discusses an execution with unnecessary privileges vulnerability in their ProLiant AMD Servers.

Insyde Advisory - Insyde published an advisory that describes a potential memory leak vulnerability in their InsydeH2O product.

Kunbus Advisory - Incibe-CERT published an advisory that describes two vulnerabilities in the Kunbus Revolution Pi IIoT gateway.

Palo Alto Networks Advisory #1 - PAN published an advisory that describes an improper protection of alternate path vulnerability in their Cortex XDR Broker VM product.

Palo Alto Networks Advisory #2 - PAN published an advisory that discusses 32 vulnerabilities in their PAN-OS product. These are third-party vulnerabilities.

Palo Alto Networks Advisory #3 - PAN published an advisory that describes a configuration issue with their GlobalProtect Clientless VPN product.

Palo Alto Networks Advisory #4 - PAN published an advisory that discusses 20 vulnerabilities in their Prisma Access Browser.

Palo Alto Networks Advisory #5 - PAN published an advisory that discusses an HTTP request/response smuggling vulnerability with a publicly available exploit in their Cortex XDR Broker VM product.

Palo Alto Networks Advisory #6 - PAN published an advisory that describes an improper check for unusual or exceptional condition vulnerability in their Cortex XDR Agent.

Palo Alto Networks Advisory #7 - PAN published an advisory that describes an external control of file name or path vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #8 - PAN published an advisory that describes an OS command injection vulnerability in their PAN-OS OpenConfig Plugin.

Palo Alto Networks Advisory #9 - PAN published an advisory that describes an external control of file name or path vulnerability in their PAN-OS product.

Palo Alto Networks Advisory #10 - PAN published an advisory that describes a missing authentication for critical function vulnerability in their PAN-OS product.

Philips Advisory - Philips published an advisory that discusses the Veeam man-in-the-middle vulnerability (CVE-2025-23114 not CVE-2025-231104 as reported by Philips).

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-3aa - subscription required.