For Part 2 we have three additional vendor disclosures from Moxa, TP-Link, and Zyxel. There are bulk vendor updates from Moxa (6). There are three additional vendor updates from Hitachi Energy (2) and HP. There is a researcher report for vulnerabilities in products from EnOcean. Finally, we have two exploits for products from SolarEdge.
Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their Secure Router products.
TP-Link Advisory - TP-Link published an advisory that describes an authentication bypass by spoofing vulnerability (listed in CISA’s Known Exploited Vulnerabilities catalog) in legacy TP-Link Router and Access Point products.
Zyxel Advisory - Zyxel published an advisory that describes two OS command injection vulnerabilities in multiple Zyxel products.
Bulk Vendor Updates – Moxa
• CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches,
• CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches,
• CVE-2025-6892, CVE-2025-6893, CVE-2025-6894, CVE-2025-6949, CVE-2025-6950: Multiple Vulnerabilities in Network Security Appliances and Routers,
Updates
Hitachi Energy Update #1 - Hitachi Energy published an update for their GMS600 advisory that was originally published on June 27th, 2023.
Hitachi Energy Update #2 - Hitachi Energy published an update for their Web Services advisory that was originally published on October 29th, 2024.
HP Update - HP published an update for their SECOMNService advisory that was originally published on October 15th, 2025.
Researcher Reports
EnOcean Report - Claroty published a report that describes two vulnerabilities in the EnOcean SmartServer IoT platform.
Exploits
SolarEdge Exploit #1 - Nu11secur1ty published an exploit for a cross-site scripting vulnerability in the SolarEdge product.
SolarEdge Exploit #2 - Nu11secur1ty published an exploit for a cross-site scripting vulnerability in the SolarEdge product.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-a0a - subscription required.