Saturday, January 31, 2026

Review – Public ICS Disclosures – Week of 1-24-26 – Part 1

This is a moderately busy disclosure week. We have bulk vendor disclosures from Broadcom (48). There are also 14 other vendor disclosures from B&R (2), Beckhoff (2), Dell, Dassault Systems (2), Hanwha Vision, Hitachi, Hitachi Energy (3), HPE, and Siemens.

Bulk Vendor Disclosures – Broadcom

Nessus detected vulnerability in the Brocade OVA base image (CVE-2025-21991),

The DisableForwarding directive does not fully adhere to the intended functionality as documented (CVE-2025-32728),

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service,

Curl vulnerabilities detected in SANnav images (CVE-2025-4947, CVE-2025-5025),

DoS due to improper input validation vulnerability in Apache Tomcat - CVE-2024-24549,

Spring Framework DoS (CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262),

Oracle Java SE Updates (July 2025),

Multiple Vulnerabilities in Node.js (Wednesday, May 14, 2025 Security Releases). Nessus Plugin ID 236766,

Low-level invalid GF(2^m) parameters lead to OOB memory access,

Multiple Vulnerabilities in Apache Kafka,

Postgres vulnerabilities (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715),

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 (CVE-2024-7264),

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation,

Vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled (CVE-2025-26465),

Rocky Linux Updates applied to SANnav (CVE-2024-3661, CVE-2024-11187, CVE-2024-12797),

A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine,

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak,

Multiple Linux Security Updates applied to Brocade Fabric OS 10.0,

The x509 application adds trusted use instead of rejected use,

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time,

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64,

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c,

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses,

GNU tar mishandled extension attributes in a PAX archive,

This flaw allows a malicious HTTP server to set "super cookies" in curl,

Glib GVariant deserialization fails to validate input,

A heap out-of-bounds read flaw was found in builtin.c in the gawk package,

Scan discovered multiple CVEs against glibc,

Null pointer dereference found in openldap,

A denial of service vulnerability exists in curl,

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0,

use-after-free and memory corruption,

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation,

The allocate_structures function insufficiently checks bounds before arithmetic multiplication,

Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem,

Brocade SANnav DataBase password in plain text is logged in failover logs (CVE-2025-12680),

Plaintext Switch admin login password is seen in Brocade SANnav support save (CVE-2025-12772),

Plain password is logged in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a (CVE-2025-12773),

SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0 (CVE-2025-12774),

Information disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0 (CVE-2026-0383),

Privilege escalation in Brocade Fabric OS before 9.2.1c3, and 9.2.2 through 9.2.2b (CVE-2025-9711),

Directory transversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command (CVE-2025-58380),

Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0 (CVE-2025-12679),

Directory transversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands (CVE-2025-58381),

Password Exposure in Brocade Fabric OS before 9.2.1 (CVE-2025-58379),

Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a (CVE-2025-58382),

Privilege escalation via bind command in Brocade Fabric OS (CVE-2025-58383),

Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf (CVE-2025-12543).

Advisories

B&R Advisory #1 - B&R published an advisory that discusses the PixieFail vulnerabilities.

B&R Advisory #2 - B&R published an advisory that describes an insertion of sensitive information into log file vulnerability.

Beckhoff Advisory #1 - CERT-VDE published an advisory that describes three vulnerabilities in the Beckhoff Device Manager.

Beckhoff Advisory #2 - CERT-VDE published an advisory that describes a cross-site scripting vulnerability in the Beckhoff TwinCAT 3 HMI Server.

Dell Advisory - Dell published an advisory that discusses an improper handling of length parameter inconsistency vulnerability (with publicly available exploits) in their Wyse Management Suite.

Dassault Advisory #1 - Dassault published an advisory that describes a heap-based buffer overflow vulnerability in SOLIDWORKS eDrawings.

Dassault Advisory #2 - Dassault published an advisory that describes an out-of-bounds write vulnerability in their SOLIDWORKS eDrawings.

Hanwha Advisory - Hanwha published an advisory that describes five vulnerabilities in multiple Wisenet cameras from Hanwha.

Hitachi Advisory - Hitachi published an advisory that discusses two allocation of resources without limit or throttling vulnerabilities in their Cosminexus Component Container.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that discusses the BlastRadius-Fail vulnerability in their FOX61x products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that discusses the BlastRadius-Fail vulnerability in their XMC20 products.

Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that describes a use of default credentials vulnerability in their SuprOS products.

HPE Advisory - HPE published an advisory that describes three vulnerabilities in their Aruba Fabric Composer product.

Siemens Advisory - Siemens published an advisory that discusses 51 vulnerabilities in their SINEC OS based products.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-2c6 - subscription required.
