Saturday, August 23, 2025

Review – Public ICS Disclosures – Week of 8-16-25

This is a moderately busy disclosure week. We have bulk disclosures from HPE (7). This week we have five additional vendor disclosures from Delta Electronics, Honeywell, HP, SMA, and Wiesemann & Theis. We have bulk updates from Dell (5). We have three vendor updates from HPE and Siemens (2). There is also a researcher report for a vulnerability in a product from Ilevia. Finally, we have an exploit for products from Lantronix.

Bulk Disclosures

HPE published 7 disclosures.

Advisories

Delta Advisory - Delta published an advisory that describes four cross-site scripting vulnerabilities in their DIAEnergie products.

Honeywell Advisory - Honeywell published an end-of-life notice for their Select 60 Series cameras.

HP Advisory - HP published an advisory that discusses two vulnerabilities in their Security Manager product.

SMA Advisory - CERT-VDE published an advisory that describes an exposure of private personal data to an unauthorized actor vulnerability in the SMA ennexos.sunnyportal.com.

Wiesemann Advisory - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in the Wiesemann Motherbox 3 product.

Bulk Updates

Dell published five updates for their Wyse product line.

Updates

HPE Updates - HPE published an update for their ProLiant DL/ML/XL advisory that was originally published on August 12th, 2025.

Siemens Update #1 - Siemens published an update for their Desigo CC Product Family advisory that was originally published on August 14th, 2025.

Siemens Update #2 - Siemens published an update for their OPC UA Implementations advisory that was originally published on September 12th, 2023, and most recently updated on January 14th, 2025.

Researcher Reports

Ilevia Report - Zero Science published a report describing a server-side logging vulnerability (with publicly available exploit) in the Ilevia EVE X1 Server.

Exploits

Lantronix Exploit - Byte Reaper published an exploit for an improper restriction of XML external entity reference vulnerability in the Lantronix Provisioning Manager.


For more information on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-86f - subscription required.

