This is a relatively light disclosure week. We have bulk vendor disclosures from QNAP (5). We have 10 additional vendor disclosures from Dassault Systems, Dell, HPE (3), Philips, Phoenix Contact, Rockwell Automation, Splunk, and TP-Link. We have bulk vendor updates from HP (6). There are two additional vendor updates from Dell and Siemens. Finally, we have 11 researcher reports for products from Hikvision and TP-Link (10).
Bulk Vendor Disclosures – QNAP
• Multiple Vulnerabilities in QuNetSwitch (ADRA NDR),
• Vulnerability in Media Streaming Add-on,
• Multiple Vulnerabilities in QuRouter (PWN2OWN 2025), and
• Vulnerability in QuFTP Service.
Advisories
Dassault Advisory - Dassault published an advisory that describes a code injection vulnerability in their SOLIDWORKS Desktop.
Dell Advisory - Dell published an advisory that describes three vulnerabilities in their ThinOS 10 product.
HPE Advisory #1 - HPE published an advisory that discusses four vulnerabilities in their B-Series SANnav Management Portal product.
HPE Advisory #2 - HPE published an advisory that discusses seven vulnerabilities in their SAN Switches.
HPE Advisory #3 - HPE published an advisory that discusses a stack-based buffer overflow vulnerability in their Telco Service Orchestrator.
Philips Advisory - Philips published an advisory that discusses a Java security library vulnerability.
Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses eight vulnerabilities in their FL SWITCH product lines.
Rockwell Advisory - Rockwell published an advisory that discusses a potential threat actor that is actively targeting Rockwell Automation controllers.
Splunk Advisory - Splunk published an advisory that discusses an improper check for unusual or exceptional conditions vulnerability in their Universal Forwarder product.
TP-Link Advisory - TP-Link published an advisory that describes two vulnerabilities in their TP-Link Archer AX53 product.
Bulk Vendor Updates – HP
• Intel NPU Driver February 2026 Security Update,
• Intel Chipset Firmware August 2025 Security Update,
• Intel NPU Driver November 2025 Security Update,
• Intel Processor Stream Cache August 2025 Security Update,
• Intel Chipset Firmware February 2026 Security Update, and
• Intel Graphics Software August 2025 Security Update.
Updates
Dell Update - Dell published an update for their Wyse Management Suite advisory that was originally published on February 24th, 2026.
Siemens Update - Siemens published an update for their SIMATIC S7-1500 advisory that was originally published on March 10th, 2026, and most recently updated on March 13th, 2026.
Researcher Reports
Hikvision Report - Cisco Talos published a report that describes a stack-based buffer overflow vulnerability (with proof-of-concept code) in the Hikvision Ultra Face Recognition Terminal.
TP-Link Reports - Cisco Talos published ten reports describing vulnerabilities in the TP-Link Archer AX53 AX3000 Dual Band Gigabit Wi-Fi 6 Router.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-632 - subscription required.