Saturday, July 12, 2025

Review – Public ICS Disclosures – Week of 7-5-25 – Part 1

This is a heavy week (even for the monthly cyber disclosure week) for public ICS disclosures; I count over 90 separate disclosures. To make this a reasonable series of reports, I am going to try a new shortcut: where a vendor has more than 10 separate disclosures, I am going to list them in a “bulk disclosure” listing.

Bulk Disclosures

Broadcom published 15 separate advisories (including 2 updated advisories) for their Brocade products.

HPE published 21 separate advisories (including 1 updated advisory).

Schneider published 10 separate advisories (including 6 updated advisories).

Siemens published 20 separate advisories (including 17 updated advisories) that were not covered earlier this week by CISA.

Splunk published 12 separate advisories.

Normal Disclosures

Additionally, this week we have vendor disclosures from FortiGuard (5), Frauscher, HMS, and HP (2).

Advisories

FortiGuard Advisory #1 - FortiGuard published an advisory that describes an SQL injection vulnerability in multiple FortiGuard products.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes an improperly implemented security check for standard vulnerability in multiple FortiGuard products.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes a heap-based buffer overflow vulnerability in their FortiOS product.

FortiGuard Advisory #4 - FortiGuard published an advisory that describes a missing critical step in authentication vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #5 - FortiGuard published an advisory that describes an insufficient session expiration vulnerability in their FortiIsolator and FortiSandbox products.

Frauscher Advisory - CERT-VDE published an advisory that describes two OS command injection vulnerabilities in the Frauscher FDS products.

HMS Advisory - HMS published an advisory that announces that new firmware versions are available for multiple HMS products that conform to the new cybersecurity requirements found in the Radio Equipment Directive 2025.

HP Advisory #1 - HP published an advisory that discusses two transient execution vulnerabilities in multiple HP products.

HP Advisory #2 - HP published an advisory that describes an improper privilege management vulnerability in their Support Assistant product.

 

For more information on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-9c5 - subscription required.
