Review – Public ICS Disclosures – Week of 3-7-26 – Part 2 -

For Part 2 we have additional 14 vendor disclosures from Delta Electronics, Janitza, Mitsubishi, Moxa (4), NI (2), Palo Alto Networks (3), Philips, and Ruckus. Part 3 is in the works.

Advisories

Delta Advisory - Delta published an advisory that describes two vulnerabilities in their COMMGR 2 product

Janitza Advisory - CERT-VDE published an advisory that describes four vulnerabilities in the Janitza UMG 96RM-E products.

Mitsubishi Advisory - Mitsubishi published an advisory that describes an improper validation of specified index, position, or offset vulnerability in their CNC Series products.

Moxa Advisory #1 - Moxa published an advisory that discusses a GNU argument injection vulnerability.

Moxa Advisory #2 - Moxa published an advisory that discusses three vulnerabilities in their DA Series products.

Moxa Advisory #3 - Moxa published an advisory that discusses three vulnerabilities in their DA Series products.

Moxa Advisory #4 - Moxa published an advisory that discusses an insufficient flow control management vulnerability in their DA Series products.

NI Advisory #1 - NI published an advisory that describes two out-of-bounds write vulnerabilities in their Digilent DASYLab product.

NI Advisory #2 - NI published an advisory that describes two out-of-bounds read vulnerabilities in their Digilent DASYLab product.

PAN Advisory #1 - PAN published an advisory that discusses eight vulnerabilities (one with publicly available exploits and listed in CISA’s KEV catalog) in their Prima Browser product.

PAN Advisory #2 - PAN published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their Cortex XDR Agent.

PAN Advisory #3 - PAN published an advisory that describes an exposure of sensitive information to an unauthorized control sphere in their Cortex XDR Broker VM product.

Philips Advisory - Philips published an advisory that discusses the Stryker cyberattack.

Ruckus Advisory - Ruckus published an advisory that discusses the AirSnitch vulnerabilities.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-194 - subscription required.