Saturday, March 7, 2026

Review – Public ICS Disclosures – Week of 2-28-26 – Part 1

This week we have bulk vendor disclosures from Broadcom (23). There are 12 additional vendor disclosures from Belden, Dell, Endress+Hauser, HP (2), HPE, Mettler Toledo, Philips, Sick, and WatchGuard (3). We also have 4 vendor updates from Broadcom (4).

Advisories

Belden Advisory - Belden published an advisory that discusses the BlastRadius.Fail vulnerability.

Dell Advisory - Dell published an advisory that discusses 86 vulnerabilities in their ThinOS product.

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses an out-of-bounds write vulnerability in the Endress+Hauser CC 100 and PFC 200 products.

HP Advisory #1 - HP published an advisory that describes an incorrect default permissions vulnerability in their Event Utility product.

HP Advisory #2 - HP published an advisory that describes a use of hard-coded cryptographic key vulnerability in their SIP Service Providers products.

HPE Advisory - HPE published an advisory that describes six vulnerabilities in their Aruba Networking Wireless Operating Systems.

Mettler Toledo Advisory - CERT-VDE published an advisory that discusses an HTTP request/response smuggling vulnerability (with publicly available exploit) in the Mettler Toledo LabX product.

Philips Advisory - Philips published an advisory that discusses two Cisco Secure Firewall Management Center vulnerabilities.

Sick Advisory - Sick published an advisory that describes two files or directories accessible to external parties vulnerabilities in their Lector85x and Lector83x products.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an expected behavior violation vulnerability in their Fireware OS products.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS Web UI products.

WatchGuard Advisory #3 - WatchGuard published an advisory that describes an out-of-bounds write vulnerability in their Fireware OS products.

Updates

Broadcom Update #1 - Broadcom published an update for their Fabric OS Web application advisory that was originally published on May 10th, 2021.

Broadcom Update #2 - Broadcom published an update for their Fabric OS advisory that was originally published on September 27th, 2024, and most recently updated on January 28th, 2026.

Broadcom Update #3 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 15th, 2024, and most recently updated on February 19th, 2026.

Broadcom Update #4 - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 8th, 2025, and most recently updated on February 19th, 2026.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-04b - subscription required.
