Saturday, January 10, 2026

Review – Public ICS Disclosures – Week of 1-3-26

This is a relatively light disclosure week. We have four vendor disclosures from ABB, Fujitsu, Dell, and Moxa. There are also five vendor updates from HP, HPE, Mitsubishi, and Moxa (2). We also have a researcher report for products from WatchGuard. Finally, we have two exploits for products from Bio-Formats (2).

Advisories

ABB Advisory - ABB published an advisory that describes three vulnerabilities in their WebPro SNMP Card PowerValue product.

Fujitsu Advisory - JP-CERT published an advisory that describes an origin validation error in the Fujitsu Security Solution AuthConductor Client Basic V2.

Dell Advisory - Dell published an advisory that discusses 36 vulnerabilities in their Windows IoT Enterprise LTSC.

Moxa Advisory - Moxa published an advisory that discusses an unquoted search path vulnerability in their Ethernet switches.

Updates

HP Update - HP published an update for the Intel Ethernet I219 Software advisory that was originally published on February 11th, 2025, and most recently updated on April 24th, 2025.

HPE Update - HPE published an update for their ProLiant DL/ML/XD Alletra advisory that was originally published on December 12th, 2025.

Mitsubishi Update - Mitsubishi published an update for their GENESIS64 advisory that was originally published on July 19th, 2022, and most recently updated on July 24th, 2025.

Moxa Update #1 - Moxa published an update for their ICMP Timestamp Request advisory that was originally published on October 21st, 2025, and most recently updated on December 8th, 2025.

Moxa Update #2 - Moxa published an update for their Diffie-Hellman Key Exchange Protocol advisory that was originally published on June 2nd, 2025, and most recently updated on November 3rd, 2025.

Researcher Reports

WatchGuard Report - Lutra Security published a report that describes a command injection vulnerability in the WatchGuard Mobile VPN.

Exploits

Bio-Formats Exploit #1 - Ron Edgerson published an exploit for a deserialization of untrusted data vulnerability in the Bio-Formats Memoizer Cache Files.

Bio-Formats Exploit #2 - Ron Edgerson published an exploit for an improper restriction of external XML entity reference vulnerability in Bio-Formats Leica Microsystems XML Parser.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/publish/posts/detail/184117903/share-center - subscription required.
