Review – Public ICS Disclosures – Week of 2-8-25 – Part 3

For Part 3 we have eight additional vendor disclosures from ABB, Schneider (4) and WatchGuard (3). We also have 25 vendor updates from Broadcom (9), Elecom (3), FortiGuard (2), Schneider (2), and Siemens (9). There are 11 researcher reports of vulnerabilities in products from ABB (9), CMU-CERT, and Wattsense. Finally, we have three exploits for vulnerabilities in products from ABB (2) and mySCADA.

Advisories

ABB Advisory - ABB published an advisory that describes three vulnerabilities (one with publicly available exploit) in their FLXeon Controllers.

Schneider Advisory #1 - Schneider published an advisory that describes four vulnerabilities in their ASCO 5310 / 5350 Remote Annunciator.

Schneider Advisory #2 - Schneider published an advisory that describes an improper input validation vulnerability in their Uni-Telway driver.

Schneider Advisory #3 - Schneider published an advisory that describes an improper privilege management vulnerability in their EcoStruxure Process Expert products.

Schneider Advisory #4 - Schneider published an advisory that describes three improper input validation vulnerabilities in their Enerlin’X IFE and eIFE ethernet connectors for circuit breakers.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an improper input validation vulnerability in their Fireware OS.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS.

WatchGuard Advisory #3 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS.

Updates

Broadcom Update #1 - Broadcom published an update for their SNMP commands advisory that was originally published on July 30^th, 2024.

Broadcom Update #2 - Broadcom published an update for their SNMP passwords advisory that was originally published on July 30^th, 2024, and most recently updated on September 3^rd, 2024.

Broadcom Update #3 - Broadcom published an update for their third-party SANnav vulnerabilities advisory that was originally published on October 14^th, 2024, and most recently updated on January 7^th, 2025.

Broadcom Update #4 - Broadcom published an update for their third-party Brocade Fabric OS advisory that was originally published on September 26^th, 2024, and most recently updated on November 12^th, 2024.

Broadcom Update #5 - Broadcom published an update for their OpenSSH advisory that was originally published on December 9^th, 2024, and most recently updated on January 7^th, 2025.

Broadcom Update #6 - Broadcom published an update for their third-party Brocade ASCG vulnerabilities advisory that was originally published on January 7^th, 2025.

Broadcom Update #7 - Broadcom published an update for their OpenSSL file names advisory that was originally published on August 1^st 2024.

Broadcom Update #8 - Broadcom published an update for their regreSSHion advisory that was originally published on July 15^th, 2024.

Broadcom Update #9 - Broadcom published an update for their LESSCLOSE advisory that was originally published on November 12^th, 2024.

Elecom Update #1 - JP-CERT published an update for the Elecom wireless LAN router advisory that was originally published on July 30^th, 2024, and most recently updated on August 27^th, 2024.

Elecom Update #2 - JP-CERT published an update for the Elecom and LOGITEC network devices advisory that was originally published on August 10^th, 2023, and most recently updated on August 27^th, 2024.

Elecom Update #3 - JP-CERT published an update for the Elecom wireless LAN routers advisory that was originally published on August 27^th, 2024, and most recently updated on November 26^th, 2024.

FortiGuard Update #1 - FortiGuard published an update for their regreSSHion advisory that was originally published on July 9^th, 2024, and most recently updated on December 19^th, 2024.

FortiGuard Update #2 - FortiGuard published an update for their authentication bypass in Node.js advisory that was originally published on January 14^th, 2025, and most recently updated on January 24^th, 2025.

Schneider Update #1 - Schneider published an update for their FlexNet Publisher advisory that was originally published on January 14^th, 2025.

Schneider Update #2 - Schneider published an update for their Modicon Controllers advisory that was originally published on May 14^th, 2019, and most recently updated on July 9^th, 2024.

Siemens Update #1 - Siemens published an update for their FortiGate NGFW advisory that was originally published on March 12^th, 2024, and most recently updated on September 10^th, 2024.

Siemens Update #2 - Siemens published an update for their OpenSSL (CVE-2022-0778) advisory that was originally published on June 14^th, 2022, and most recently updated on July 9^th, 2024.

Siemens Update #3 - Siemens published an update for their FortiGate NGFW advisory that was originally published on July 9^th, 2024, and most recently updated on December 10^th, 2024.

Siemens Update #4 - Siemens published an update for their TCP Event Service advisory that was originally published on October 11^th, 2022, and most recently updated on March 14^th, 2024.

Siemens Update #5 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12^th, 2023, and most recently updated on January 14^th, 2025.

Siemens Update #6 - Siemens published an update for their Palo Alto Networks PAN-OS advisory that was originally published on November 22^nd, 2024.

Siemens Update #7 - Siemens published an update for their Industrial Real-Time Devices advisory that was originally published on October 8^th, 2019, and most recently updated on September 10^th, 2024.

Siemens Update #8 - Siemens published an update for their SINEC Traffic Analyzer advisory that was originally published on June 11^th, 2025.

Siemens Update #9 - Siemens published an update for their Filesystem Access advisory that was originally published on January 14^th, 2025.

Researcher Reports

ABB Reports - Zero Science published seven reports about vulnerabilities in the ABB Cylon FLXeon building energy management system.

CMU-CERT Report - Zero Science published a report about a stored cross-site scripting vulnerability in CMU-CERT’s Vulnerability Information and Coordination Environment (VINCE).

Wattsense Report - SEC Consult published a report that describes four vulnerabilities in the Wattsense Bridge.

Exploits

ABB Exploit #1 – LiquidWorm published an exploit for a session fixation vulnerability in the ABB Cylon Aspect building energy management system.

ABB Exploit #2 - LiquidWorm published an exploit for a uncontrolled resource consumption vulnerability in the ABB Cylon FLXeon building automation system.

mySCADA Exploit - Michael Heinzl published an exploit for an OS command injection vulnerability in the mySCADA myPRO Manager.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-b1d - subscription required.