Saturday, November 15, 2025

Review – Public ICS Disclosures – Week of 11-8-25 – Part 1

A moderately busy Cyber Week. For Part 1 this week we have 18 vendor disclosures from GE Vernova (4), Hitachi (4), HP (4), HPE (3), Jumo, and Palo Alto Networks (2).

Advisories

GE Vernova Advisory #1 - GE published an advisory that discusses three vulnerabilities in the Gas Power Controls products.

GE Vernova Advisory #2 - GE published an advisory that discusses an uncaught exception vulnerability for unlisted products using AVEVA PI Server and PI Data Archive.

GE Vernova Advisory #3 - GE published an advisory that describes a path traversal vulnerability in their Smallworld Master File Server (SWMFS) Software.

GE Vernova Advisory #4 - GE published an advisory that describes an improper authentication vulnerability in their Smallworld Master File Server (SWMFS) Software.

Hitachi Advisory #1 - Hitachi published an advisory that discusses 44 vulnerabilities in their Disk Array Systems. These are third-party (Microsoft) vulnerabilities.

Hitachi Advisory #2 - Hitachi published an advisory that discusses a covert timing channel vulnerability in their JP1 products.

Hitachi Advisory #3 - Hitachi published an advisory that discusses two vulnerabilities in their JP1 products.

Hitachi Advisory #4 - Hitachi published an advisory that discusses three vulnerabilities in their Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java.

HP Advisory #1 - HP published an advisory that describes two exposure of sensitive information vulnerabilities in their LaserJet Pro Printers.

HP Advisory #2 - HP published an advisory that discusses three vulnerabilities in multiple HP product lines.

HP Advisory #3 - HP published an advisory that discusses six vulnerabilities in multiple HP product lines.

HP Advisory #4 - HP published an advisory that discusses three vulnerabilities in multiple HP product lines.

HPE Advisory #1 - HPE published an advisory that discusses a stale translation lookaside buffer (TLB) entry vulnerability in their HPE SimpliVity servers.

HPE Advisory #2 - HPE published an advisory that discusses an active debug code vulnerability in their ProLiant DL and Synergy servers.

HPE Advisory #3 - HPE published an advisory that discusses a stale translation lookaside buffer (TLB) entry vulnerability in their ProLiant DL/XL servers.

Jumo Advisory - CERT VDE published an advisory that describes the use of a cryptographically weak PRNG vulnerability in the Jumo variTRON password generation algorithm.

Palo Alto Networks Advisory #1 - PAN published an advisory that discusses 23 vulnerabilities in their Prisma Browser.

Palo Alto Networks Advisory #2 - PAN published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their PAN-OS and Prisma Access products.


For more information on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-66f - subscription required.
