Sunday, March 2, 2025

Review – Public ICS Disclosures – Week of 2-21-25 – Part 2

For Part 2 we have five additional vendor disclosures from Planex Communications, SEL (2), Sick, and Sierra Wireless. There are also eight vendor updates from Broadcom (4), Dell, Hitachi Energy, HPE, and Sick. There is a researcher report for vulnerabilities in products from Siemens. Finally, we have an exploit for products from FortiGuard.

Advisories

Planex Advisory - JP-CERT published an advisory that describes two vulnerabilities in the Planex Wireless LAN routers.

SEL Advisory #1 - SEL published a software update notice that included cybersecurity enhancements to fix six third-party vulnerabilities (one with a publicly available exploit) for their SEL-3350 product.

SEL Advisory #2 - SEL published a software update notice that included cybersecurity enhancements to fix three third-party vulnerabilities for their SEL-3355-2 and SEL-3360-2 products.

Sick Advisory - Sick published an advisory that describes two vulnerabilities in their Lector8xx and InspectorP8xx products.

Sierra Wireless Advisory - Semtech published an advisory that discusses the 5Ghoul vulnerabilities in their EM919x and EM929x cellular modules.

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on September 26th, 2024, and most recently updated on January 7th, 2025.

Broadcom Update #2 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 14th, 2024, and most recently updated on February 13th, 2024.

Broadcom Update #3 - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 7th, 2025, and most recently updated on February 13th, 2025.

Broadcom Update #4 - Broadcom published an update for their compromised container advisory that was originally published on October 14th, 2024.

Dell Update - Dell published an update for their ThinOS advisory that was originally published on September 9th, 2024.

Hitachi Energy Update - Hitachi Energy published an update for their Relion 670/650/SAM600-IO series advisory that was originally published on November 4th, 2021, and most recently updated on March 14th, 2023.

HPE Update - HPE published an update for their ProLiant DL/ML advisory that was originally published on February 11th, 2025.

Sick Update - Sick published an update for their MEAC300 advisory that was originally published on February 14th, 2025.

Researcher Reports

Siemens Report - SEC Consult published a report describing two vulnerabilities in the Siemens A8000 CP-8050 and CP-8031 PLCs.

Exploits

FortiGuard Exploit - Indoushka published an exploit for a code execution vulnerability in the FortiGuard FortiManager product.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-ef6 - subscription required.
