For Part 2 we have seven additional vendor disclosures from ABB, Advantech, FortiGuard, Phoenix Contact, Supermicro, and Wireshark (2). We also have bulk vendor updates from Siemens (14). Finally, there are also five vendor updates from FortiGuard, HPE, and Schneider (3).
Advisories
ABB Advisory - ABB published an advisory that describes an incorrect implementation of authentication algorithm vulnerability in their Ability OPTIMAX product.
Advantech Advisory - CSA published an advisory that describes an SQL injection vulnerability (with publicly available exploit) in the Advantech IoTSuite and IoT Edge products.
FortiGuard Advisory - FortiGuard published an advisory that describes an OS command injection vulnerability (with publicly available exploit) in their FortiSIEM products.
Phoenix Contact Advisory - Phoenix Contact published an advisory that describes a code injection vulnerability in their TC ROUTER and CLOUD CLIENT Industrial mobile network routers.
Supermicro Advisory - Supermicro published an advisory that describes two improper verification of cryptographic signature vulnerabilities in their BMC firmware.
Wireshark Advisory #1 - Wireshark published an advisory that describes an infinite loop vulnerability in their HTTP3 dissector.
Wireshark Advisory #2 - Wireshark published an advisory that describes a crash vulnerability in their SOME/IP-SD dissector.
Wireshark Advisory #3 - Wireshark published an advisory that describes a crash vulnerability in their IEEE 802.11 dissector.
Wireshark Advisory #4 - Wireshark published an advisory that describes a crash vulnerability in their BLF file parser.
Vendor Updates
FortiGuard Update - FortiGuard published an update for their `Host` header injection advisory that was originally published on January 14th, 2025.
NOTE: This advisory was not listed on the FortiGuard PSIRT website.
HPE Update - HPE published an update for their OneView Software advisory that was originally published on December 17th, 2025.
Schneider Update #1 - Schneider published an update for their Modicon Controllers M340 advisory that was originally published on November 12th, 2024, and most recently updated on April 8th, 2025.
Schneider Update #2 - Schneider published an update for their RemoteConnect advisory that was originally published on January 14th, 2025.
Schneider Update #3 - Schneider published an update for their Uni-Telway Driver advisory that was originally published on February 11th, 2025, and most recently updated on July 8th, 2025.