Sunday, April 6, 2025

Review – Public ICS Disclosures – Week of 3-29-25 – Part 2

For Part 2 we have five additional vendor disclosures from Moxa (2), Splunk (2), and VMware. We also have three vendor updates from FortiGuard, HP, and Palo Alto Networks. There are eight researcher reports for vulnerabilities in products from STMicroelectronics (4) and BEC Technologies (4). Finally, we have five exploits for products from Broadcom, Microchip (2), Palo Alto Networks, and Splunk.

Advisories

Moxa Advisory #1 - Moxa published an advisory that describes an OS command injection vulnerability in their Secure Routers, Cellular Routers, and Network Security Appliances.

Moxa Advisory #2 - Moxa has new firmware versions for most of the affected products.

Splunk Advisory #1 - Splunk published an advisory that discusses three vulnerabilities in their UniversalForwarder Docker product.

Splunk Advisory #2 - Splunk published an advisory that discusses three vulnerabilities in their Splunk Docker product.

VMware Advisory - Broadcom published an advisory that describes an improper privilege management vulnerability in the VMware Aria Operations product.

Updates

FortiGuard Update - FortiGuard published an update for their Authentication bypass in Node.js advisory that was originally published on January 14th, 2025, and most recently updated on February 11th, 2025.

HP Update - HP published an update for their Intel 2024.3 IPU – Chipset advisory that was originally published on October 24th, 2024.

Palo Alto Networks Update - Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on March 12th, 2025, and most recently updated on March 13th, 2025.

Researcher Reports

STMicroelectronics Reports - Cisco Talos published four reports (including proof-of-concept code) about seven vulnerabilities in the STMicroelectronics X-CUBE-AZRTOS-F7 product.

BEC Technologies Reports - ZDI published four reports about individual vulnerabilities in the BEC Technologies Routers. ZDI reported the vulnerabilities to the vendor but has received no response.

Exploits

Broadcom Exploit - Pierre Kim published an exploit for ten vulnerabilities in the Broadcom Brocade Fabric OS.

Microchip Exploit #1 - Antonio Carriero (et al.) published an exploit for an OS command injection vulnerability in the Microchip TimeProvider 4100 Grandmaster product.

Microchip Exploit #2 - Antonio Carriero (et al.) published an exploit for a cross-site scripting vulnerability in the Microchip TimeProvider 4100 Grandmaster product.

Palo Alto Networks Exploit - Pierre Kim published an exploit for three deep packet inspection vulnerabilities in the Palo Alto Networks firewalls.

Splunk Exploit - Gunzf0x published an exploit for a path traversal vulnerability in the Splunk Enterprise on Windows product.

 

For more information on these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-9a7 - subscription required.

