Review – Public ICS Disclosures – Week of 6-7-25 – Part 2

This week for Part 2 we have 17 additional vendor disclosures from Moxa, Palo Alto Networks (7), Schneider (3), Siemens, Splunk (2), Supermicro (2), and Weidmueller. Part 3 is scheduled for Tuesday.

Advisories

Moxa Advisory - Moxa published an advisory that describes an improper validation of specified type of input vulnerability in their PT-G7728 & PT-G7828 switches.

PAN Advisory #1 - Palo Alto Networks published an advisory that discusses 11 vulnerabilities in their Prisma Access Browser.

PAN Advisory #2 - Palo Alto Networks published an advisory that describes an improper neutralization of wild cards or matching symbols vulnerability in their Global Protect product.

PAN Advisory #3 - Palo Alto Networks published an advisory that describes a command injection vulnerability in their PAN-OS, Cloud NGFW, and Prisma Access products.

PAN Advisory #4 - Palo Alto Networks published an advisory that describes an OS command injection vulnerability in their PAN-OS, Cloud NGFW, and Prisma Access products.

PAN Advisory #5 - Palo Alto Networks published an advisory that describes an exposure of sensitive information to an unauthorized control sphere vulnerability in their PAN-OS, Cloud NGFW, and Prisma Access products.

PAN Advisory #6 - Palo Alto Networks published an advisory that describes an incorrect privilege assignment vulnerability in their Cortex XDR Broker VM.

PAN Advisory #7 - Palo Alto Networks published an advisory that describes a clear-text transmission of sensitive information vulnerability in their GlobalProtect App.

Schneider Advisory #1 - Schneider published an advisory that discusses multiple vulnerabilities in their Insight Home and Insight Facility products.

Schneider Advisory #2 - Schneider published an advisory that describes six vulnerabilities in their Modicon Controllers.

Schneider Advisory #3 - Schneider published an advisory that describes four vulnerabilities in their EVLink WallBox.

Siemens Advisory - Siemens published an advisory that describes a zip path traversal vulnerability in their module installation process of Studio Pro product.

Splunk Advisory #1 - Splunk published an advisory that discusses six vulnerabilities (two with publicly available exploits) in their Machine Learning Toolkit (MLTK).

Splunk Advisory #2 - Splunk published an advisory that discuses multiple vulnerabilities in their Python for Scientific Computing product, only two vulnerabilities are listed by CVE#s.

Supermicro Advisory #1 - Supermicro published an advisory that discusses an out-of-bounds read vulnerability in multiple Supermicro products.

Supermicro Advisory #2 - Supermicro published an advisory that discusses an improper access control for register intake vulnerability in multiple Supermicro products.

Weidmueller Advisory - CERT-VDE published an advisory that describes three vulnerabilities (with publicly available exploits) in the Weidmueller IE-SR-2TX security routers.

 

For more information on these disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-b27 - subscription required