Review – Public ICS Disclosures – Week of 1-31-26 – Part 2

For Part 2 we have four additional vendor disclosures from Sick (3) and Zyxel. There are seven vendor updates from Broadcom (3), ELECOM (2), HPE, and Moxa. Finally, we have an exploit for products from MySCADA.

Advisories

Sick Advisory #1 - Sick published an advisory that describes 15 vulnerabilities in their TDC-X401GL telematic data collector.

Sick Advisory #2 - Sick published an advisory that describes 12 vulnerabilities
(one with publicly available exploit) in their Incoming Goods Suite.

Sick Advisory #3 - Sick published an advisory that discusses an out-of-bounds read vulnerability in their nanoScan3 and microScan3 products.

Zyxel Advisory - Zyxel published an advisory that describes an OS command injection vulnerability in their ZLD firewalls.

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade Fabric advisory that was originally published on January 27^th, 2026.

Broadcom Update #2 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on January 27^th, 2026.

Broadcom Update #3 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on January 27^th, 2026.

ELECOM Update #1 - JPCERT published an update for their ELECOM wireless LAN routers advisory that was originally published on August 27^th, 2024, and most recently updated on February 12^th, 2025.

ELECOM Update #2 - JPCERT published an update for their ELECOM wireless LAN routers advisory that was originally published on March 26^th, 2024, and most recently updated on November 26^th, 2024.

HPE Update - HPE published an update for their HPE ProLiant DL/ML/XD, Alletra, and Synergy Servers advisory that was originally published on December 12^th, 2025, and most recently updated on January 5^th, 2026.

Moxa Update - Moxa published an update for their Diffie-Hellman Key Exchange Protocol advisory that was originally published on June 2^nd, 2025, and most recently updated on January 5^th, 2026.

Exploits

MySCADA Exploit - Indoushka published an exploit for an OS command injection vulnerability in the MySCADA MyPRO Manager product.