Review – Public ICS Disclosures – Week of 5-16-26 – Part 1

This was a moderately busy disclosure week. We have bulk vendor disclosures from Splunk (15). There are 11 additional vendor disclosures from Arista, Broadcom (4), CODESYS, Hitachi, and HP (4). 

Advisories  

Bulk Vendor Disclosures – Splunk (15). 

Arista Advisory - Arista published an advisory that discusses a use after free vulnerability in multiple Arista products. 

Broadcom Advisory #1 - Broadcom published an advisory that discusses three vulnerabilities (one with publicly available exploits) in their ASCG 3.4.0b for container-tools. 

Broadcom Advisory #2 - Broadcom published an advisory that discusses a path traversal vulnerability (with publicly available exploit) in their Brocade ASCG product. 

Broadcom Advisory #3 - Broadcom published an advisory that discusses eleven vulnerabilities (four with publicly available exploits) in their Brocade ASCG3.4.0b Base OS. 

Broadcom Advisory #4 - Broadcom published an advisory that discusses 33 vulnerabilities in their Brocade ASCG3.4.0b Base OS. 

CODESYS Advisory - CODESYS published an advisory that describes an insufficiently protected credentials vulnerability in their CODESYS Visualization product. 

Hitachi Advisory - Hitachi published an advisory that discusses 41 vulnerabilities in their Disk Array Systems. 

HP Advisory #1 - HP published an advisory that describes two vulnerabilities in their Linux Imaging and Printing software. 

HP Advisory #2 - HP published an advisory that discusses a use of hard-coded cryptographic key vulnerability in their ZGX Nano G1n AI Station. 

HP Advisory #3 - HP published an advisory that describes an information disclosure vulnerability in their ScanJet Pro and ScanJet Enterprise printers. 

HP Advisory #4 - HP published an advisory that discusses eleven vulnerabilities in multiple HP product lines. 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-adf - subscription required.