Saturday, July 26, 2025

Review – Public ICS Disclosures – Week of 7-19-25 – Part 1

This week is a moderately busy disclosure week. For Part 1 we have 12 vendor disclosures from ABB (2), Dell, ELECOM, Helmholz, Hitachi, HP, HPE (4), and MB connect.

Advisories

ABB Advisory #1 - ABB published an advisory that describes a buffer overread vulnerability in their AC500 V2 PLCs.

ABB Advisory #2 - ABB published an advisory that describes an active debug code vulnerability in their Busch-Welcome 2-wire door opener.

Dell Advisory - Dell published an advisory that discusses three vulnerabilities (one with a publicly available exploit, two listed in CISA’s KEV catalog) in their ThinOS products.

ELECOM Advisory - JP-CERT published an advisory that describes two vulnerabilities in the ELECOM wireless LAN routers.

Helmholz Advisory - CERT-VDE published an advisory that describes eight vulnerabilities (with publicly available exploits) in the Helmholz REX 100 devices.

Hitachi Advisory - Hitachi published an advisory that discusses 35 vulnerabilities in their Disk Array products.

HP Advisory - HP published an advisory that describes 10 vulnerabilities in their Poly Clariti Manager product.

HPE Advisory #1 - HPE published an advisory that discusses nine vulnerabilities (two with publicly available exploits) in their Telco Network Function Virtual Orchestrator.

HPE Advisory #2 - HPE published an advisory that discusses two vulnerabilities (one with a publicly available exploit) in their HP-UX Secure Shell daemon.

HPE Advisory #3 - HPE published an advisory that discusses an allocation of resources without limit or throttling vulnerability in their Telco Service Orchestrator product.

HPE Advisory #4 - HPE published an advisory that describes an observable discrepancy vulnerability in their Telco Service Orchestrator product.

MB Connect Advisory - CERT-VDE published an advisory that describes eight vulnerabilities (with publicly available exploits) in the MB connect mbNET.mini devices.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-565 - subscription required.
