Review – Public ICS Disclosures – Week of 1-31-26 – Part 1

This week we have a moderately busy disclosure week. For Part 1 there nine are vendor disclosures from Cisco, Delta Electronics, Eaton, ELECOM (2), HP, Moxa (2), and Pilz.

Advisories

Cisco Advisory - Cisco published an advisory that describes a use of hard-coded credentials vulnerability in their Prime Infrastructure product.

Delta Advisory - Delta published an advisory that describes a stack-based buffer overflow vulnerability in their ASDA-Soft product.

Eaton Advisory - Eaton published an advisory that describes two improper certificate validation vulnerabilities in their Network Cards products.

ELECOM Advisory #1 - JPCERT published an advisory that describes five vulnerabilities in multiple ELECOM wireless LAN routers.

ELECOM Advisory #2 - JPCERT published an advisory that describes four vulnerabilities in multiple ELECOM wireless LAN products.

HP Advisory - HP published an advisory that discusses 287 vulnerabilities in their ThinPro products.

Moxa Advisory #1 - Moxa published an advisory that describes two vulnerabilities in the industrial computers.

Moxa Advisory #2 - Moxa published an advisory that describes a reliance on security through obscurity vulnerability in their Ethernet Switches.

Pilz Advisory - CERT-VDE published an advisory that discusses four vulnerabilities in the Pilz PIT User Authentication Service.

 

For more information on these disclosures, including links to 3^rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-844 - subscription required.