For Part 2 we have seven additional vendor disclosures from Trumpf, VMware (2), Wireshark (3), and Zyxel. There are ten vendor updates from FortiGuard (3), Hitachi Energy, HP (2), Moxa, and Siemens (3). There are 14 researcher reports for products from Owl (11), and Tattile (3). Finally, we have two exploits for products from Supermicro and Tesla.
Advisories
Trumpf Advisory -
CERT-VDE published an
advisory that discusses a least privilege violation vulnerability in multiple
Trumpf products.
VMware Advisory #1 - Broadcom published an
advisory that describes four vulnerabilities in the VMware Workstation and
Fusion products.
VMware Advisory #2 - Broadcom published an
advisory that describes three vulnerabilities in the VMware Aria Operations
product.
Wireshark Advisory #1 - Wireshark published an advisory
that describes a buffer over-read vulnerability in their RF4CE Profile
dissector.
Wireshark Advisory #2 - Wireshark published an advisory
that describes a NULL pointer dereference vulnerability in their NTS-KE
dissector.
Wireshark Advisory #3 - Wireshark published an advisory
that describes an allocation of resources without limit or throttling
vulnerability in their USB HID dissector.
Zyxel Advisory - Zyxel published an advisory that describes seven vulnerabilities in multiple Zyxel product lines.
Updates
FortiGuard Update #1 - FortiGuard published an update for their FortiOS
advisory that was originally published on February 10th, 2026.
FortiGuard Update #2 - FortiGuard published an update for their OpenSSL
advisory that was originally published on January 30th, 20276, and
most recently updated on February 17th, 2026.
FortiGuard Update #3 - FortiGuard published an update for their cw_acd
daemon advisory that was originally published on January 13th, 2026,
and most recently updated on January 19th, 2026.
Hitachi Energy Update
- Hitachi Energy published an
update for their RTU500 advisory that was originally published on April 30th,
2024, and most recently updated on September 9th, 2025.
HP Update #1 - HP published an
update for their Intel Xeon Processor advisory that was originally
published on October 29th, 2025.
HP Update #2 - HP published an
update for their AMD Embedded Processors advisory that was originally
published on September 30th, 2025.
Moxa Update #1 - Moxa published an
update for their Ethernet Switches advisory that was originally published
on January 9th, 2026.
Moxa Update #2 - Moxa published an
update for their EDS-P510 Series advisory that was originally published on
November 8th, 2025.
Siemens Update #1 - Siemens published an update for
their SINEC OS advisory that was originally published on August 12th,
2025, and most recently updated on February 12th, 2026.
Siemens Update #2 - Siemens published an
update for their SINEC OS advisory that was originally published on August
12th, 2025, and most recently updated on February 12th,
2026.
Siemens Update #3 - Siemens published an update for their SINEC OS advisory that was originally published on January 28th, 2026.
Researcher Reports
Owl Reports - Nozomi
Networks published 11 reports describing
vulnerabilities in the Owl OPDS data diode solution.
Tattile Reports - Zero Science published three reports about vulnerabilities in Tattile Cameras.
Exploits
Supermicro Exploit -
Indoushka published an
exploit for an old (2013) improper restriction of operations within the
bounds of a memory buffer vulnerability in the Supermicro Onboard IPMI X9SCL.
Tesla Exploit - Nullze
published an exploit
for a denial-of-service vulnerability in the Tesla S/3/X.
For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-5e6 - subscription required.
Posts
