Saturday, July 19, 2025

Review – Public ICS Disclosures – Week of 7-12-25 – Part 1

This week is a moderately busy disclosure week. For Part 1 we have 14 vendor disclosures from Broadcom (7), Delta Electronics, HP, HPE (5), and Omron.

Advisories

Broadcom Advisory #1 - Broadcom published an advisory that discusses 11 vulnerabilities in their Brocade ASC-Gateway OVA and Brocade Support Link products.

Broadcom Advisory #2 - Broadcom published an advisory that discusses an allocation of resources without limits or throttling vulnerability in their Brocade ASC-Gateway OVA.

Broadcom Advisory #3 - Broadcom published an advisory that discusses an improper privilege management vulnerability.

Broadcom Advisory #4 - Broadcom published an advisory that discusses 52 vulnerabilities in their Brocade ASC-Gateway OVA.

Broadcom Advisory #5 - Broadcom published an advisory that describes a cleartext storage of sensitive information vulnerability in their Brocade ASC-Gateway OVA.

Broadcom Advisory #6 - Broadcom published an advisory that describes an inadequate encryption strength vulnerability in their Brocade ASC-Gateway OVA.

Broadcom Advisory #7 - Broadcom published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Brocade ASC-Gateway OVA.

Delta Advisory - Delta published an advisory that describes two path traversal vulnerabilities in their DIAView product.

HP Advisory - HP published an advisory that describes an out-of-bounds read vulnerability in multiple HP products.

HPE Advisory #1 - HPE published an advisory that describes an SQL injection vulnerability in their HPE Telco Service Orchestrator.

HPE Advisory #2 - HPE published an advisory that describes an out-of-bounds read vulnerability in their Cray XD Servers.

HPE Advisory #3 - HPE published an advisory that discusses an allocation of resources without limits or throttling vulnerability in their Telco Service Orchestrator Software.

HPE Advisory #4 - HPE published an advisory that describes three vulnerabilities in their AutoPass License Server.

HPE Advisory #5 - HPE published an advisory that describes two vulnerabilities in their Networking Instant On Access Points.

Omron Advisory - Omron published an advisory that describes a least privilege vulnerability in their NJ/NX-series Machine Automation Controllers.

 

For more information on these disclosures, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-006 - subscription required.
