For Part 2 we have 29 bulk vendor disclosures from Palo Alto Networks (11), Siemens (6), and Splunk (12). We also have 11 additional vendor disclosures from MBS, Mettler Toledo, Moxa, Omicron Energy, Schneider (3), Supermicro, and TP-Link (3). Watch for Part 3 tomorrow.
Bulk Vendor Disclosures
Palo Alto Networks (11)
Siemens (6)
Splunk (12)
Advisories
MBS Advisory - CERT-VDE published an advisory that describes 10 vulnerabilities in the MBS Universal Gateways (UGW-A-Series, UGW-X-Series) connect devices.
Mettler Advisory - CERT-VDE published an advisory that discusses 21 vulnerabilities in the Mettler LabX Standard.
Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their Industrial Computers.
Omicron Advisory - Omicron published an advisory that discusses six vulnerabilities (three with publicly available exploits) in multiple Omicron products.
Schneider Advisory #1 - Schneider published an advisory that describes an improper restriction of XML external entity reference vulnerability in their EcoStruxure IT Data Center Expert.
Schneider Advisory #2 - Schneider published an advisory that describes two vulnerabilities in their EasyLogic T150 RTU and Saitel DP Remote Terminal Unit & Controller products.
Schneider Advisory #3 - Schneider published an advisory that describes three vulnerabilities in their PowerLogic P7 product.
Supermicro Advisory - Supermicro published an advisory that discusses an improper access control for register interface vulnerability on their H13 and H14 server motherboards.
TP-Link Advisory #1 - TP-Link published an advisory that describes a use of externally-controlled format string vulnerability in their Tapo C110 WiFi camera.
TP-Link Advisory #2 - TP-Link published an advisory that describes an OS command injection vulnerability in their Archer Routers.
TP-Link Advisory #3 - TP-Link published an advisory that describes an OS command injection vulnerability in their Archer Routers.
For more information on these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-c2a - subscription required.