This is a relatively busy cyber week. For Part 1 we have a bulk vendor disclosure from HPE (22). There are 15 additional vendor disclosures from ABB (2), Bosch (2), FortiGuard (6), and HP (5).
Bulk Disclosures
HPE – 22 advisories
Advisories
ABB Advisory #1 - ABB published an advisory that describes a missing authentication for critical function vulnerability in their Ability zenon Runtime product.
ABB Advisory #2 - ABB published an advisory that describes seven vulnerabilities in their Aspect products.
Bosch Advisory #1 - Bosch published an advisory that describes three vulnerabilities in their ctrlX OS Setup app.
Bosch Advisory #2 - Bosch published an advisory that discusses an allocation of resources without limit or throttling vulnerability in their Rexroth Fieldbus Couplers.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes a path traversal vulnerability in their FortiManager products.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes a double free vulnerability in multiple FortiGuard products.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes an incorrect privilege assignment vulnerability in their FortiOS products.
FortiGuard Advisory #4 - FortiGuard published an advisory that describes an integer overflow or wraparound vulnerability in multiple FortiGuard products.
FortiGuard Advisory #5 - FortiGuard published an advisory that describes an authentication bypass using an alternate path or traverse vulnerability in multiple FortiGuard products.
FortiGuard Advisory #6 - FortiGuard published an advisory that discusses an allocation of resources without limit or throttling vulnerability (with publicly available exploit) in multiple FortiGuard products.
HP Advisory #1 - HP published an advisory that discusses 15 vulnerabilities in their AMD Client UEFI Firmware.
HP Advisory #2 - HP published an advisory that discusses an improper isolation or compartmentalization vulnerability in multiple HP products.
HP Advisory #3 - HP published an advisory that describes an improper restriction of software interfaces to hardware features vulnerability in the BIOS for multiple HP products.
HP Advisory #4 - HP published an advisory that discusses a TOCTOU race condition vulnerability in multiple HP products.
HP Advisory #5 - HP published an advisory that discusses an improper check for unusual or exceptional conditions vulnerability in multiple HP products.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-fcc - subscription required.