For Part 2 we have six additional vendor disclosures from dormakaba (3), Splunk, and WatchGuard (2). We have bulk vendor updates from Broadcom (7). There are six additional vendor updates from HP, HPE (3), Palo Alto Networks, and VMware. We also have a researcher report on vulnerabilities in products from IDIS. Finally, we have an exploit for products from Advantech.
Advisories
Dormakaba Advisory #1 - Dormakaba published an advisory that describes 12 vulnerabilities in their Access Manager product.
Dormakaba Advisory #2 - Dormakaba published an advisory that describes seven vulnerabilities in their Kaba exos 9300 systems.
Dormakaba Advisory #3 - Dormakaba published an advisory that describes a debug messages revealing unnecessary information vulnerability in their registration Unit 9002 Generation K5.
Splunk Advisory - Splunk published an advisory that discusses an improper handling of length parameter inconsistency vulnerability (with publicly available exploits, listed in CISA’s KEV catalog) in their Enterprise product.
WatchGuard Advisory #1 - WatchGuard published an advisory that discusses a privilege escalation vulnerability in their Mobile VPN with IPSec client for Windows.
WatchGuard Advisory #2 - WatchGuard published an advisory that describes an LDAP injection vulnerability in their Fireware OS product.
Bulk Vendor Updates – Broadcom
• Brocade Fabric OS (10.x and 9.2.x Releases) Vulnerability Disclosures,
• OS command injection vulnerability in OpenSSH (CVE-2023-51385),
• Brocade ASCG Vulnerability Disclosures,
• Brocade SANnav Vulnerability Disclosures,
• CVE-2023-31928 - XSS vulnerability in Brocade Webtools,
• Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3, and
Bulk Vendor Updates – Hitachi Energy
Updates
HP Update - HP published an update for their Intel Ethernet I219 Software advisory that was originally published on February 11th, 2025, and most recently updated on April 24th, 2025.
HPE Update #1 - HPE published an update for their OneView Software advisory that was originally published on December 17th, 2025, and most recently updated on December 26th, 2025.
HPE Update #2 - HPE published an update for their Aruba Networking Virtual Intranet Access advisory that was originally published on January 13th, 2026.
HPE Update #3 - HPE published an update for their Aruba Networking AOS-8 advisory that was originally published on January 13th, 2026.
Palo Alto Networks Update - PAN published an update for their GlobalProtect Gateway and Portal advisory that was originally published on January 14th, 2026, and most recently updated on January 16th, 2026.
VMware Update - Broadcom published an update for the VMware vCenter Server advisory that was originally published on June 17th, 2024.
Researcher Reports
IDIS Report - Claroty published a report that describes an argument injection vulnerability in the IDIS ICM Viewer.
Exploits
Advantech Exploit - Indoushka published an exploit for an SQL Injection vulnerability in the Advantech IoTSuite and IoT Edge products.