Sunday, November 30, 2025

Review – Public ICS Disclosures – Week of 11-22-25 – Part 2

For Part 2 we have three additional vendor disclosures from ABB and Wibu (2). There are also six vendor updates from ABB, FortiGuard (2), and Mitsubishi (3). Finally, we have five exploits for products from Broadcom, FortiGuard (2), HP, and Ruckus.

Advisories

ABB Advisory - ABB published an advisory that discusses 22 vulnerabilities in their Ability Camera Connect product.

Wibu Advisory #1 - Wibu published an advisory that describes a write-what-where condition vulnerability in their legacy WibuKey product.

Wibu Advisory #2 - Wibu published an advisory that describes an improper restriction of operations within the bounds of a memory buffer vulnerability in their legacy WibuKey product.

Updates

ABB Update - ABB published an update for their Terra AC wallbox advisory that was originally published on September 16th, 2025, and most recently updated on October 27th, 2025.

FortiGuard Update #1 - FortiGuard published an update for their CAPWAP daemon advisory that was originally published on November 18th, 2025.

FortiGuard Update #2 - FortiGuard published an update for their CAPWAP daemon advisory that was originally published on November 18th, 2025.

Mitsubishi Update #1 - Mitsubishi published an update for their Lighting Control System MILCO.S advisory that was originally published on November 18th, 2025.

Mitsubishi Update #2 - Mitsubishi published an update for their Flexera InstallShield advisory that was originally published on July 24th, 2025.

Exploits

Broadcom Exploit - Indoushka published an exploit for two vulnerabilities in the Broadcom Brocade Fabric OS.

FortiGuard Exploit #1 - Indoushka published an exploit for a relative path traversal vulnerability in the FortiGuard FortiWeb product.

FortiGuard Exploit #2 - Sfewer-r7 published a Metasploit module for two vulnerabilities in the FortiGuard FortiWeb product.

HP Exploit - Indoushka published an exploit for an improper authentication vulnerability in the HP Intelligent Management product.

Ruckus Exploit - Huthaifa Qashou published an exploit for a cross-site scripting vulnerability in the Ruckus Unleashed product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-f10 - subscription required.
