For Part 2 we have seven additional vendor disclosures from Siemens, Supermicro, TP-Link (4), and Zyxel. There are also three vendor updates from HP (2) and Westermo. Finally, we have two exploits for vulnerabilities in products from Palo Alto Networks.
Advisories
Siemens Advisory - Siemens published an advisory that discusses 77 vulnerabilities in their RUGGEDCOM RST2428P (SINEC OS) product.
Supermicro Advisory - Supermicro published an advisory that describes an OS command injection vulnerability in multiple Supermicro products.
TP-Link Advisory #1 - TP-Link published an advisory that describes five vulnerabilities in their Tapo C520WS cameras.
TP-Link Advisory #2 - TP-Link published an advisory that describes an improper input validation vulnerability in their Tapo C520WS cameras.
TP-Link Advisory #3 - TP-Link published an advisory that describes a stack-based buffer overflow vulnerability in their Tapo C200 cameras.
TP-Link Advisory #4 - TP-Link published an advisory that describes a cross-site scripting vulnerability in their TL-SG108PE smart switch.
Zyxel Advisory - Zyxel published an advisory that describes two classic buffer overflow vulnerabilities in multiple Zyxel wireless network products.
Updates
HP Update #1 - HP published an update for their Intel Graphics advisory that was originally published on September 22nd, 2025, and most recently updated on March 16th, 2026.
HP Update #2 - HP published an update for their NVIDIA GPU Display Driver advisory that was originally published on October 30th, 2025, and most recently updated on December 12th, 2025.
Westermo Update - Westermo published an update for their Viper 3000 Bootloader advisory that was originally published on March 31st, 2026.
Exploits
Palo Alto Networks Exploit #1 - Ashraf Zaryouh published an exploit for a reliance on cookies without validation and integrity checking vulnerability in Palo Alto Networks PAN-OS software.
Palo Alto Networks Exploit #2 - Tushar Gurav published an exploit for a reliance on cookies without validation and integrity checking vulnerability in Palo Alto Networks PAN-OS software.
For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-may-d94 - subscription required.