Saturday, April 5, 2025

Review – Public ICS Disclosures – Week of 3-29-25 – Part 1

This week we have 18 vendor disclosures from Honeywell (3), HP, HPE, Inaba Denki Sangyo (2), JTEKT (2), Meinberg, PcVue, Philips (3), and SEL (4).

Advisories

Honeywell Advisory #1 - Honeywell published an end-of-life notice for their PWLP Mercury Series 3/LP Series Intelligent Controllers.

Honeywell Advisory #2 - Honeywell published an end-of-life notice for their 30 Series 5MP Fisheye Camera.

Honeywell Advisory #3 - Honeywell published an end-of-life notice for their VMS R670 & R700 / NVR6.7 & R7.0.

HP Advisory - HP published an advisory that discusses three vulnerabilities in multiple HP products.

HPE Advisory - HPE published an advisory that describes two vulnerabilities (one with a publicly available exploit) in their Aruba Networking Virtual Intranet Access (VIA) Client.

IDS Advisory - JP-CERT published an advisory that describes eight vulnerabilities in the IDS Wi-Fi AP UNIT 'AC-WPS-11ac series'.

JTEKT Advisory #1 - JTEKT published an advisory that describes six vulnerabilities in their HMI View Jet C-more series.

JTEKT Advisory #2 - JTEKT published an advisory that describes two vulnerabilities in their HMI GC-A2 series.

Meinberg Advisory - Meinberg published an advisory that discusses five vulnerabilities in their Lantime product.

PcVue Advisory - PcVue published an advisory that discusses a NULL pointer dereference vulnerability in their IEC 61850 client driver and the ICCP client add-on in PcVue.

Philips Advisory #1 - Philips published an advisory that discusses an authorization bypass (CVE-2025-29927) that affects Next.js.

Philips Advisory #2 - Philips published an advisory that discusses a Chromium sandbox escape vulnerability that is listed in the CISA Known Exploited Vulnerabilities catalog.

Philips Advisory #3 - Philips published an advisory that discusses a recent Oracle Health data breach.

SEL Advisory #1 - SEL published a software update notice that reports cybersecurity upgrades in their SEL-5052 Server Software.

SEL Advisory #2 - SEL published a software update notice that reports cybersecurity upgrades in their SEL Compass product.

SEL Advisory #3 - SEL published a software update notice that reports cybersecurity upgrades in their SEL-5030 acSELerator QuickSet Software.

SEL Advisory #4 - SEL published a software update notice that reports cybersecurity upgrades in their SEL-5033 acSELerator RTAC Software.

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-81f - subscription required.
