Tuesday, May 20, 2025

Review – Public ICS Disclosures – Week of 5-10-25 – Part 3

For Part 3 we have an additional vendor disclosure from Fuji Electric. We also have 25 vendor updates from Dell, FortiGuard (8), Schneider (2), and Siemens (15). Finally, we have a researcher report for vulnerabilities in products from Danfoss.

Advisories

Fuji Electric Advisory - JP-CERT published an advisory that describes 11 vulnerabilities in the Fuji Electric V-SFT-6 product.

Updates

Dell Update - Dell published an update for their Wyse Management Suite advisory that was originally published on April 1st, 2025, and most recently updated on May 8th, 2025.

FortiGuard Update #1 - FortiGuard published an update for their OS command injection advisory that was originally published on January 14th, 2025.

FortiGuard Update #2 - FortiGuard published an update for their OpenSSH Terrapin attack advisory that was originally published on January 9th, 2024, and most recently updated on April 24th, 2024.

FortiGuard Update #3 - FortiGuard published an update for their denial of service attack in OpenSSH advisory that was originally published on March 11th, 2025.

FortiGuard Update #4 - FortiGuard published an update for their integer overflow in IPsec IKE advisory that was originally published on January 14th, 2025, and most recently updated on April 11th, 2025.

FortiGuard Update #5 - FortiGuard published an update for their cross-site scripting advisory that was originally published on February 11th, 2025.

FortiGuard Update #6 - FortiGuard published an update for their OS command injection advisory that was originally published on March 11th, 2025.

FortiGuard Update #7 - FortiGuard published an update for their sensitive operations advisory that was originally published on May 14th, 2024.

FortiGuard Update #8 - FortiGuard published an update for their del feature advisory that was originally published on March 11th, 2025.

Schneider Update #1 - Schneider published an update for their EcoStruxure Power Build Rapsody advisory that was originally published on January 14th, 2025.

Schneider Update #2 - Schneider published an update for their ConneXium Network Manager advisory that was originally published on April 8th, 2025.

Siemens Update #1 - Siemens published an update for their FTP Server of Nucleus RTOS advisory that was originally published on October 11th, 2022, and most recently updated on April 8th, 2025.

Siemens Update #2 - Siemens published an update for their User Management Component advisory that was originally published on December 16th, 2024, and most recently updated on March 11th, 2025.

Siemens Update #3 - Siemens published an update for their open redirect advisory that was originally published on October 8th, 2024, and most recently updated on April 8th, 2025.

Siemens Update #4 - Siemens published an update for their FortiGate NGFW advisory that was originally published on March 12th, 2024, and most recently updated on April 16th, 2025.

Siemens Update #5 - Siemens published an update for their Industrial Edge Device Kit advisory that was originally published on April 8th, 2025, and most recently updated on April 17th, 2025.

Siemens Update #6 - Siemens published an update for their Industrial Edge Device Kit advisory that was originally published on April 8th, 2025, and most recently updated on April 17th, 2025.

Siemens Update #7 - Siemens published an update for their SIPROTEC 5 devices advisory that was originally published on February 11th, 2025, and most recently updated on April 8th, 2025.

Siemens Update #8 - Siemens published an update for their SICAM and SITIPE products advisory that was originally published on September 10th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #9 - Siemens published an update for their Palo Alto Networks Virtual NGFW advisory that was originally published on April 9th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #10 - Siemens published an update for their RUGGEDCOM ROS devices advisory that was originally published on July 13th, 2021.

Siemens Update #11 - Siemens published an update for their FortiGate NGFW advisory that was originally published on March 12th, 2024, and most recently updated on April 16th, 2025.

Siemens Update #12 - Siemens published an update for their Palo Alto Networks PAN-OS advisory that was originally published on November 22nd, 2025, and most recently updated on April 8th, 2025.

Siemens Update #13 - Siemens published an update for their Automation License Manager advisory that was originally published on September 10th, 2024.

Siemens Update #14 - Siemens published an update for their SIMATIC S7-1500 CPUs advisory that was originally published on October 8th, 2024, and most recently updated on April 8th, 2025.

Siemens Update #15 - Siemens published an update for their User Management Component advisory that was originally published on September 10th, 2024, and most recently updated on March 11th, 2025.

Researcher Reports

Danfoss Report - Claroty published a report that described an improper authentication vulnerability in the Danfoss AK-SM8xxA Series system security manager.

 

For more information about these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-aeb - subscription required.
