Review – Public ICS Disclosures – Week of 9-13-25 – Part 2

For Part 2 we have six additional vendor disclosures from Mitsubishi, Omron, Siemens, Supermicro, WAGO, and WatchGuard. Finally, we have nine vendor updates from ABB, HP (2), HPE (3), and Mitsubishi (3).

Advisories

Mitsubishi Advisory - Mitsubishi published an advisory that describes an improper handling of length parameter inconsistency vulnerability in their MELSEC-Q series CPU module.

Omron Advisory - Omron published an advisory that describes an unquoted search path element vulnerability in multiple Omron products.

Siemens Advisory - Siemens published an advisory that discusses a weak authentication vulnerability in their Trainguard products.

NOTE: I briefly discussed this vulnerability on July 10^th, 2025.

Supermicro Advisory - Supermicro published an advisory that describes two improper verification of cryptographic signature vulnerabilities in their BMC firmware.

WAGO Advisory - CERT-VDE published an advisory that describes an insecure default initialization of resource vulnerabilities in multiple WAGO products.

WatchGuard Advisory - WatchGuard published an advisory that describes an out-of-bounds write vulnerability in their Fireware OS iked process.

Updates

ABB Updates - ABB published an update for their FLXeon Controllers advisory that was originally published on September 9^th, 2025.

HP Update #1 - HP published an update for their Intel 2025.1 IPU – Chipset advisory that was originally published on March 10^th, 2025, and most recently update on August 1^st, 2025.

HP Update #2 - HP published an update for their Intel Graphics Driver advisory that was originally published on May 13^th, 2025.

HPE Update #1 - HPE published an update for their ProLiant DL/ML/XD advisory that was originally published on August 14^th, 2025.

HPE Update #2 - HPE published an update for their ProLiant DL/ML/XD advisory that was originally published on August 14^th, 2025.

HPE Update #3 - HPE published an update for their Intel 700 Series advisory that was originally published on August 12^th, 2025.

Mitsubishi Update #1 - Mitsubishi published an update for their GENESIS64 advisory that was originally published on August 5^th, 2025.

Mitsubishi Update #2 - Mitsubishi published an update for their EcoGuideTAB advisory that was originally published on July 10^th, 2025.

Mitsubishi Update #3 - Mitsubishi published an update for their GENESIS64 advisory that was originally published on May 15^th, 2025, and most recently updated on August 5^th, 2025.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-ac4 - subscription required.