Saturday, May 31, 2025

Review – Public ICS Disclosures – Week of 5-25-25 – Part 1

This is a moderately busy disclosure week. For Part 1 we have 18 vendor disclosures from Dell, Dassault Systems (10), Hitachi, Hitachi Energy, HP (3), and HPE (2).

Advisories

Dell Advisory - Dell published an advisory that discusses 313 vulnerabilities in their ThinOS product. One

Dassault Advisory #1 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Service Process Engineer product.

Dassault Advisory #2 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Collaborative Industry Innovator.

Dassault Advisory #3 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Product Manager.

Dassault Advisory #4 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Product Manager.

Dassault Advisory #5 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Multidisciplinary Optimization Engineer.

Dassault Advisory #6 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Product Manager.

Dassault Advisory #7 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Project Portfolio Manager.

Dassault Advisory #8 - Dassault published an advisory that describes a cross-site scripting vulnerability in their City Referential Manager.

Dassault Advisory #9 - Dassault published an advisory that describes a cross-site scripting vulnerability in their City Referential Manager.

Dassault Advisory #10 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Collaborative Industry Innovator.

Hitachi Advisory - Hitachi published an advisory that discusses three improper access control vulnerabilities in multiple Hitachi products.

Hitachi Energy Advisory - Hitachi Energy published an advisory that describes six vulnerabilities in their Asset Suite product.

HP Advisory #1 - HP published an advisory that discusses an improper locking vulnerability in their notebook PCs.

HP Advisory #2 - HP published an advisory that discusses an improper handling of physical or environmental conditions vulnerability in multiple HP products.

HP Advisory #3 - HP published an advisory that discusses five vulnerabilities (one with a publicly available exploit) in multiple HP product lines.

HPE Advisory #1 - HPE published an advisory that discusses a cross-site scripting vulnerability (with a publicly available exploit) in their Telco Service Orchestrator software.

HPE Advisory #2 - HPE published an advisory that discusses four vulnerabilities (two with publicly available exploits) in their OneView product.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-fdb - subscription required.
