Sunday, July 6, 2025

Review – Public ICS Disclosures – Week of 7-28-25 – Part 2

For Part 2 we have three additional vendor disclosures from Fuji Electronic and Westermo (2). There are also seven vendor updates from Dell, Delta Electronics (3), Palo Alto Networks (2), and SonicWall. Finally, we have two researcher reports for vulnerabilities in products from Hikvision.

Advisories

Fuji Advisory - JP-CERT published an advisory that describes a heap-based buffer overflow vulnerability in the Fuji V-SFT and TELLUS products.

Westermo Advisory #1 - Westermo published an advisory that describes an OS command injection vulnerability in their WeOS 5 product.

Westermo Advisory #2 - Westermo published an advisory that describes an insertion of sensitive information into a log file vulnerability in their WeOS 5 product.

Updates

Dell Update - Dell published an update for their ThinOS advisory that was originally published on March 4th, 2025, and most recently updated on April 7th, 2025.

Delta Update #1 - Delta published an update for their mydeltasolar website advisory that was originally published on November 29th, 2022.

Delta Update #2 - Delta published an update for their iacommunication web page advisory that was originally published on February 10th, 2022.

Delta Update #3 - Delta published an update for their deltaww.com advisory that was originally published on March 9th, 2023.

Palo Alto Networks Update #1 - PAN published an update for their Authenticated Admin Command Injection advisory that was originally published on June 11th, 2025, and most recently updated on June 24th, 2025.

Palo Alto Networks Update #2 - PAN published an update for their Traffic Information Disclosure advisory that was originally published on June 11th, 2025.

SonicWall Update - SonicWall published an update for their SMA100 SSL-VPN advisory that was originally published on December 4th, 2024, and most recently updated on April 29th, 2025.

Researcher Reports

Hikvision Report #1 - VulnCheck published a report about a deserialization of untrusted data vulnerability (with publicly available exploit) in the Hikvision HikCentral product.

Hikvision Report #2 - VulnCheck published a report about a path traversal vulnerability in the Hikvision Streaming Media Management Server.

 

For more information on these disclosures, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis (subscription required): https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-ac5
