This week we have a moderately busy disclosure week. For Part 1 there are 12 vendor disclosures from Arista, Dassault Systèmes (2), D-Link, Eaton, HP, HPE (2), MBS, NI, Philips, and Phoenix Contact.
Advisories
Arista Advisory - Arista published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability (with publicly available exploit) in their EOS platform products.
Dassault Advisory #1 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Process Experience Studio in DELMIA Service Process Engineer.
Dassault Advisory #2 - Dassault published an advisory that describes a deserialization of untrusted data vulnerability in their Teamwork Cloud from No Magic product.
D-Link Advisory - D-Link published an advisory that describes a use of weak credentials vulnerability in their DWR-X1820 router.
Eaton Advisory - Eaton published an advisory that discusses a TOCTOU race condition vulnerability in their ProView NXG application software.
HP Advisory - HP published an advisory that describes a stack-based buffer overflow vulnerability (with publicly available exploit) in their Poly Voice products.
HPE Advisory #1 - HPE published an advisory that discusses ten vulnerabilities (four with publicly available exploits) in their Telco Network Function Virtualization Orchestrator.
HPE Advisory #2 - HPE published an advisory that discusses a TOCTOU race condition vulnerability in their ArubaOS-CX Switches.
MBS Advisory - CERT-VDE published an advisory that describes 11 vulnerabilities in the MBS Universal Gateways (UGW-A-Series, UGW-X-Series) used in multiple MBS products.
NI Advisory - NI published an advisory that describes two vulnerabilities in their NI-PAL product.
Philips Advisory - Philips published an advisory that discusses the Windows’ BlueHammer, RedSun, and UnDefend vulnerabilities.
Phoenix Contact Advisory - Phoenix Contact published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their CHARX SEC-3150 product.
For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-may - subscription required.