Saturday, March 29, 2025

Review – Public ICS Disclosures – Week of 3-22-25

This week we have 31 vendor disclosures from ABB (2), Arteche, B&R Automation, Hitachi, Hitachi Energy (2), HPE (4), Philips, Splunk (12), VMware, WatchGuard (2), and Westermo (3). There are also two vendor updates from Hitachi Energy and HP.

Advisories

ABB Advisory #1 - ABB published an advisory that discusses 18 vulnerabilities in their Low Voltage DC Drives and Power Controllers.

ABB Advisory #2 - ABB published an advisory that discusses 15 vulnerabilities in their ACS880 +N8010 Drives. These are third-party (CODESYS) vulnerabilities.

Arteche Advisory - Incibe-CERT published an advisory that describes eight vulnerabilities in the Arteche saTECH BCU controller.

B&R Advisory - B&R published an advisory that describes 13 vulnerabilities in their APROL control system.

Hitachi Advisory - Hitachi published an advisory that discusses 121 vulnerabilities in their Disk Array Systems. These are third-party (mostly Microsoft) vulnerabilities.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes four vulnerabilities in their RTU500 series products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes three vulnerabilities in their TRMTracker product.

HPE Advisory #1 - HPE published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in multiple HPE products.

HPE Advisory #2 - HPE published an advisory that discusses nine vulnerabilities (one with publicly available exploit) in B-Series SANnav Management Portal.

HPE Advisory #3 - HPE published an advisory that discusses four vulnerabilities (three with publicly available exploits) in their Telco Service Orchestrator product.

HPE Advisory #4 - HPE published an advisory that discusses four vulnerabilities (one with publicly available exploit) in their Unified OSS Console (UOC) and HPE Unified OSS Assurance Monitoring (UOCAM) Software.

Philips Advisory - Philips published an advisory that discusses the IngressNightmare vulnerabilities.

Splunk Advisory #1 - Splunk published an advisory that discusses a server-side request forgery vulnerability (with publicly available exploit) in their Infrastructure Monitoring Add-on.

Splunk Advisory #2 - Splunk published an advisory that discusses two vulnerabilities in their Add-on for Microsoft Cloud Services.

Splunk Advisory #3 - Splunk published an advisory that describes an incorrect permission assignment for critical function vulnerability in their App for Lookup File Editing application.

Splunk Advisory #4 - Splunk published an advisory that discusses ‘multiple’ (not individually listed in the advisory) vulnerabilities in their App for Data Science and Deep Learning.

Splunk Advisory #5 - Splunk published an advisory that discusses ‘multiple’ (not individually listed in the advisory) vulnerabilities in their Enterprise product.

Splunk Advisory #6 - Splunk published an advisory that describes an improper access control vulnerability in their Secure Gateway App.

Splunk Advisory #7 - Splunk published an advisory that describes an improper input validation vulnerability in their Enterprise Dashboard Studio.

Splunk Advisory #8 - Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise product.

Splunk Advisory #9 - Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise product.

Splunk Advisory #10 - Splunk published an advisory that describes a cross-site request forgery in their Enterprise product.

Splunk Advisory #11 - Splunk published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Secure Gateway App.

Splunk Advisory #12 - Splunk published an advisory that describes an improper access control vulnerability in their Enterprise product.

VMware Advisory - Broadcom published an advisory that describes an authentication bypass using an alternate path or channel vulnerability in the VMware Tools for Windows product.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an incorrect default permissions vulnerability in their Terminal Services Agent product.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes an incorrect default permissions vulnerability in their Mobile VPN product.

Westermo Advisory #1 - Westermo published an advisory that discusses an improper argument handling vulnerability in their WeOS product.

Westermo Advisory #2 - Westermo published an advisory that describes a denial of service vulnerability in their WeOS product.

Westermo Advisory #3 - Westermo published an advisory that describes an insufficiently protected HTTP session token vulnerability in their WeOS product.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their MicroSCADA Pro/X SYS600 advisory that was originally published on August 27th, 2024, and most recently updated on October 29th, 2024.

HP Update - HP published an update for their Poly Devices advisory that was originally published on February 4th, 2025.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-week-b06 - subscription required.
