Review – Public ICS Disclosures – Week of 12-6-25 – Part 2

For Part 2 we have nine bulk disclosures from Siemens. There are five additional vendor disclosures from Dell, Pheonix Contact, Schneider (2), and WAGO. There are 14 bulk updates from HP (6) and Siemens (8). We also have three other vendor updates from Hitachi Energy, Moxa, and Schneider. There is a researcher report on vulnerabilities in products from the Biosig Project (6). Finally, we have four exploits for products from Broadcom, Palo Alto Networks, and React Server Components (2).

Bulk Disclosures – Siemens

• Denial of service Vulnerability in Interniche IP-Stack based Industrial Devices,

• Multiple Vulnerabilities in RUGGEDCOM ROX Before V2.17,

• Multiple Vulnerabilities in SINEC Security Monitor before V4.10.0,

• Denial of Service Vulnerability in Ruggedcom ROS devices before V5.10.1,

• File Parsing Vulnerability in Simcenter Femap Before V2512,

• Multiple Vulnerabilities in SICAM T Before V3.0,

• Multiple Vulnerabilities in SIMATIC CN 4100 Before V4.0.1,

• Multiple Vulnerabilities in COMOS, and

• Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0.

Advisories

Dell Advisory - Dell published an advisory that discusses 36 vulnerabilities in their ThinOS product.

Pheonix Contact Advisory - Pheonix Contact published an advisory that describes 14 vulnerabilities in their SWITCH 2xxx Firmware.

Schneider Advisory #1 - Schneider published an advisory that discusses an exposure of sensitive information to unauthorized actor vulnerability in multiple Schneider products.

Schneider Advisory #2 - Schneider published an advisory that discusses a deserialization of untrusted data vulnerability in their EcoStruxure Foxboro DCS Advisor.

WAGO Advisory - CERT-VDE published an advisory that describes two stack-based buffer overflow vulnerabilities in the WAGO Industrial-Managed Switches.

Bulk Updates – HP

• NVIDIA GPU Display Driver October 2025 Security Update,

• NVIDIA GPU Display Driver July 2025 Security Update,

• Certain HP LaserJet Pro Printers – Potential Information Disclosure,

• AMD CPU Microcode Security Update,

• HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution, and

• Intel System Security Report and System Resources Defense.

Bulk Updates – Siemens

• Deserialization Vulnerability in Siemens Engineering Platforms before V20,

• RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products,

• Deserialization Vulnerability in Siemens Engineering Platforms,

• Buffer Overflow Vulnerability in Third-Party Component in SICAM and SITIPE Products,

• Deserialization Vulnerability in Siemens Engineering Platforms,

• Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products,

• Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20, and

• DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their Relion 670/650 advisory that was originally published on June 24^th, 2025, and most recently updated on August 26^th, 2025.

Moxa Update - Moxa published an update for their ICMP Timestamp Request advisory that was originally published on October 21^st, 2025, and most recently updated on October 27^th, 2025.

Schneider Update - Schneider published an update for their Altivar Process Drives advisory that was originally published on September 9^th, 2025, and most recently updated on October 14^th, 2025.

Researcher Reports

Biosig Project Report - Cisco Talos published a report that describes six stack-based buffer overflow vulnerabilities in the Biosig Project libbiosig library.

Exploits

Broadcom Exploit - Indoushka published an exploit for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Broadcom Wi-Fi Firmware.

Palo Alto Networks Exploit - Indoushka published an exploit for a deep-packet inspection vulnerability in the PanOS.

RSC Exploit #1 - Indoushka published a scanner for, and an exploit of, the deserialization of untrusted data vulnerability in React Server Components.

RSC Exploit #2 - Maksim Rogov, et al, published a Metasploit module for the the deserialization of untrusted data vulnerability in React Server Components.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-0c5 - subscription required.