Review – Public ICS Disclosures – Week of 3-29-25 – Part 1

This week we have 18 vendor disclosures from Honeywell (3), HP, HPE, Inaba Denki Sangyo (2), JTEKT (2), Meinberg, PcVue, Philips (3), and SEL (4).

Advisories

Honeywell Advisory #1 - Honeywell published an end-of-life notice for their PWLP Mercury Series 3/LP Series Intelligent Controllers.

Honeywell Advisory #2 - Honeywell published an end-of-life notice for their 30 Series 5MP Fisheye Camera.

Honeywell Advisory #3 - Honeywell published an end-of-life notice for their VMS R670 & R700 / NVR6.7 & R7.0.

HP Advisory - HP published an advisory that discusses three vulnerabilities in multiple HP products.

HPE Advisory - HPE published an advisory that describes two vulnerabilities (one with publicly available exploit) in their Aruba Networking Virtual Intranet Access (VIA) Client.

IDS Advisory - JP-CERT published an advisory that describes eight vulnerabilities in the IDS Wi-Fi AP UNIT 'AC-WPS-11ac series'.

JTEKT Advisory #1 - JTEKT published an advisory that describes six vulnerabilities in their HMI View Jet C-more series.

JTEKT Advisory #2 - JTEKT published an advisory that describes two vulnerabilities in their HMI GC-A2 series.

Meinberg Advisory - Meinberg published an advisory that discusses five vulnerabilities in their Lantime product.

PcVue Advisory - PcVue published an advisory that discusses a NULL pointer dereference vulnerability in their IEC 61850 client driver and the ICCP client add-on in PcVue.

Philips Advisory #1 - Philips published an advisory that discusses an authorization bypass (CVE-2025-29927) that affects Next.js.

Philips Advisory #2 - Philips published an advisory that discusses a Chromium sandbox escape vulnerability that is listed in the CISA Known Exploited Vulnerabilities catalog.

Philips Advisory #3 - Philips published an advisory that discusses a recent Oracle Health data breach.

SEL Advisory #1 - SEL published a software update notice that reports cybersecurity upgrades in their SEL-5052 Server Software.

SEL Advisory #2 - SEL published a software update notice that reports cybersecurity upgrades in their SEL Compass product.

SEL Advisory #3 - SEL published a software update notice that reports cybersecurity upgrades in their SEL-5030 acSELerator QuickSet Software.

SEL Advisory #4 - SEL published a software update notice that reports cybersecurity upgrades in their SEL-5033 acSELerator RTAC Software.

 

For more information on these disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-81f - subscription required.

Review – Public ICS Disclosures – Week of 1-21-23

This week we have an OpenSSL 3.0 advisory from Dell. We have seven vendor disclosures from Carrier, Contec, GE Grid Solutions, Meinberg, Omron, and PulseSecure (2). We also have three vendor updates from CODESYS, HPE, and PcVue. Finally, we have 16 researcher reports for products from Siretta (14), Zyxel, and Delta Electronics.

Open SSL 3.0 Advisories

Dell published an advisory that discusses the OpenSSL 3.0 vulnerabilities.

Vendor Advisories

Carrier Advisory - Carrier published an advisory that discusses multiple authentication bypass vulnerabilities in their WebCTRL® and i-Vu® software.

Contec Advisory - Contec published an advisory that describes an SQL injection vulnerability in the Contec CONPROSYS HMI System.

GE Grid Solutions Advisory - GE Grid Solutions published an advisory for their DS Agile Distributed Control System.

Meinberg Advisory - Meinberg published an advisory that discusses eight vulnerabilities in their LANTIME product.

Omron Advisory - JP Cert published an advisory that describes an improper restriction of an XML entity reference vulnerability in the OMRON CX-Motion Pr.

PulseSecure Advisory #1 - PulseSecure published an advisory that discusses a use-after-free vulnerability.

PulseSecure Advisory #2 - PulseSecure published an advisory that discusses a double free vulnerability.

Vendor Updates

CODESYS Update - CODESYS published an update for their Control V3 communication server advisory that was originally published on November 22nd, 2022 and most recently updated on December 14^th, 2022.

HPE Update - HPE published an update for their IceWall advisory that was originally published on March 9^th, 2018 and most recently updated on May 26^th, 2021.

PcVue Update - PcVue published an update for their email and SMS accounts advisory that was originally published on November 25^th, 2022 and most recently updated on December 20^th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-354-03) to reflect this information.

Researcher Reports

Siretta Report #1 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing 46 stack-based buffer overflow vulnerabilities.

Siretta Report #2 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #3 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing four command injection vulnerabilities.

Siretta Report #4 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a heap-based buffer overflow vulnerability.

Siretta Report #5 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a file write vulnerability.

Siretta Report #6 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a leftover debug code vulnerability.

Siretta Report #7 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #8 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #9 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #10 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a stack-based buffer overflow vulnerability.

Siretta Report #11 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #12 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing an OS command injection vulnerability.

Siretta Report #13 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a directory traversal vulnerability.

Siretta Report #14 - Talos published a report for the Siretta QUARTZ-GOLD industrial router describing a stack-based buffer overflow vulnerability.

Zyxel Report - Positive Technologies published a report describing an improper check for unusual or exceptional conditions vulnerability in Zyxel switches.

Delta Report - Tenable published a report describing a privilege escalation vulnerability in the Delta Electronics InfraSuite Device Master.

 

For more details about these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-e09 - subscription required.

Review – Public ICS Disclosures – Week of 11-19-22

This week we have twenty-one vendor disclosures from ABB, Aruba Networks, Belden (3), Bosch, B&R, HPE (2), Johnson and Johnson, Miele, Mitsubishi (2), Moxa (2), Omron, PcVue, Pilz (3), Unified Automation. We have two vendor updates from Mitsubishi and Schneider. Finally, we have three researcher reports of vulnerabilities in products from Callback Technologies.

Vendor Advisories

ABB Advisory - ABB published an advisory that discusses seven vulnerabilities (two with known exploits) in their ARM600 M2M Gateway.

Aruba Advisory - Aruba published an advisory that describes thirteen vulnerabilities in their EdgeConnect Enterprise product.

Belden Advisory #1 - Belden published an advisory that describes 23 vulnerabilities in their Hirschmann BAT-C2 product.

Belden Advisory #2 - Belden published an advisory that discusses an infinite loop vulnerability (with known exploit) in their Hirschmann HiLCOS products.

Belden Advisory #3 - Belden published an advisory that describes a command injection vulnerability in their Hirschmann BAT-C2.

Bosch Advisory - Bosch published an advisory that discusses 67 vulnerabilities (some with known exploits) in their PRA-ES8P2S Ethernet-Switch.

B&R Advisory - B&R published an advisory that discusses a link following vulnerability in a variety of their products.

HPE Advisory #1 - HPE published an advisory that discusses an information disclosure vulnerability in their IceWall Products.

HPE Advisory #2 - HPE published an advisory that describes four code execution vulnerabilities in their Cloudline CL2100/CL2200 Gen10 Servers.

J&J Advisory - J&J published an advisory that discusses the PrintNightmare vulnerability in their CARTO® 3 System.

Miele Advisory - CERT-VDE published an advisory that describes an authorization bypass through user-controlled key vulnerability in the Miele.

Mitsubishi Advisory #1 - Mitsubishi published an advisory that describes ten vulnerabilities in multiple FA Engineering Software products.

Mitsubishi Advisory #2 - Mitsubishi published an advisory that describes a denial-of-service vulnerability in their GOT2000 Series.

Moxa Advisory #1 - Moxa published an advisory that describes two vulnerabilities in multiple router products.

Moxa Advisory #2 - Moxa published an advisory that describes a privilege escalation vulnerability in their TN-5916 Series routers.

Omron Advisory - JP Cert published an advisory that describes three vulnerabilities in the Omron CX-Programmer.

PcVue Advisory - PcVue published an advisory that describes a clear-text storage of sensitive information vulnerability in PcVue product.

Pilz Advisory #1 - Pilz published an advisory that describes a path traversal vulnerability in several Pilz products.

Pilz Advisory #2 - Pilz published an advisory that describes two vulnerabilities (one with known exploit) in their PASvisu HMI solution.

Pilz Advisory #3 - Pilz published an advisory that describes two path traversal vulnerabilities (one with known exploit) in several Pilz products.

Unified Automation - Unified Automation published an advisory that discusses an incorrect permission assignment for critical resource vulnerability in their OPC UA SDK.

Vendor Updates

Mitsubishi Update - Mitsubishi published an update for their Ethernet Port advisory that was originally published on November 30^th, 2021 and most recently updated on July 26^th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-21-334-02) for this new information, almost certainly because of the Thanksgiving holiday. I expect we will see that update this coming week.

Schneider Update - Schneider published an update for their APC Smart UPS advisory that was originally published on March 8^th, 2022 and most recently updated on August 19^th, 2022.

Researcher Reports

Callback Report #1 - Talos published a report describing a NULL pointer dereference vulnerability in the Callback CBFS Filter.

Callback Report #2 - Talos published a report describing a NULL pointer dereference vulnerability in the Callback CBFS Filter.

Callback Report #3 - Talos published a report describing a NULL pointer dereference vulnerability in the Callback CBFS Filter.

 

For more details on these disclosures, including links to third-party reports, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-6d2 - subscription required.

Review – Public ICS Disclosures – Week of 9-17-22

This week we have seventeen vendor disclosures from Bosch, Festo, HPE (3), Insyde (7), PcVue (2), Rockwell, Tanzu, and Western Digital. We also have an update from PcVue.

Bosch Advisory - Bosch published an advisory that describes an information disclosure vulnerability in their VIDEOJET Decoder VJD-7513.

Festo Advisory - CERT-VDE published an advisory that describes an improper privilege management vulnerability in the Festo Festo control block CPX-CEC-C1 and CPX-CMXX.

HPE Advisory #1 - HPE published an advisory that discusses an information disclosure vulnerability in their Edgeline Servers.

HPE Advisory #2 - HPE published an advisory that discusses a privilege escalation vulnerability in their Edgeline Servers.

HPE Advisory #3 - HPE published an advisory that discusses 28 vulnerabilities in their SAN switches.

Insyde Advisory #1 - Insyde published an advisory that describes an SMM arbitrary code execution vulnerability in their InsydeH2O product.

Insyde Advisory #2 - Insyde published an advisory that describes a memory leak vulnerability in their InsydeH2O product.

Insyde Advisory #3 - Insyde published an advisory that describes an arbitrary code execution vulnerability in their InsydeH2O product.

Insyde Advisory #4 - Insyde published an advisory that describes a memory corruption vulnerability in their InsydeH2O product.

Insyde Advisory #5 - Insyde published an advisory that that describes a memory corruption vulnerability in their InsydeH2O product.

Insyde Advisory #6 - Insyde published an advisory that describes a memory leak vulnerability in their InsydeH2O product.

Insyde Advisory #7 - Insyde published an advisory that describes a memory corruption vulnerability in their InsydeH2O product.

PcVue Advisory #1 - PcVue published an advisory that describes a sensitive information in log file vulnerability in their PcVue 15 product.

PcVue Advisory #2 - PcVue published an advisory that discusses an access of uninitialized pointer vulnerability in their PcVue product.

Rockwell Advisory - Rockwell published an advisory that describes a heap-based buffer overflow vulnerability in their ThinManager ThinServer software.

Tanzu Advisory - Tanzu published an advisory that describes an information disclosure vulnerability in their Spring Data REST product.

Western Digital Advisory - Western Digital published an advisory that describes a use of weak hash vulnerability in their WD Discovery products.

PcVue Update - PcVue published an update for their OAuth configuration advisory that was originally published on August 8^th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-235-01) to reflect this new information.

 

For more details on these disclosures, including links to third-party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/publish/post/74741456 - subscription required.

Review – Public ICS Disclosures – Week of 8-6-22 – Part 1

This Saturday after the second Tuesday we have a large slate of disclosures to look at. For Part 1, we have 24 vendor disclosures from Auma, Fujitsu, HP (7), HPE (6), Keysight Technologies, Palo Alto Networks (2), PcVue, Schneider (4), and Sick.

Auma Advisory - CERT-VDE published an advisory that discusses 73 vulnerabilities in the Auma SIMA Master Station.

Fujitsu Advisory - Fujitsu published an advisory that discusses three vulnerabilities in a number of Fujitsu products.

HP Advisory #1 - HP published an advisory that discusses 14 vulnerabilities in a wide variety of their PCs, notebooks and workstations.

HP Advisory #2 - HP published an advisory that discusses an improper restriction of XML external entity reference vulnerability in a wide variety of their PCs, notebooks and workstations.

HP Advisory #3 - HP published an advisory that discusses an improper restriction of XML external entity reference vulnerability (with a known exploit) in a wide variety of their PCs, notebooks and workstations.

HP Advisory #4 - HP published an advisory that discusses four vulnerabilities in a wide variety of their PCs, notebooks and workstations.

HP Advisory #5 - HP published an advisory that discusses three vulnerabilities in in a wide variety of their PCs, notebooks and workstations.

HP Advisory #6 - HP published an advisory that discusses four vulnerabilities in a wide variety of their PCs, notebooks and workstations.

HP Advisory #7 - HP published an advisory that discusses an information disclosure vulnerability in a wide variety of their PCs, notebooks and workstations.

HPE Advisory #1 - HPE published an advisory that discusses a privilege escalation vulnerability in their HPE ProLiant DL Servers.

HPE Advisory #2 - HPE published an advisory that discusses an information disclosure vulnerability in their ProLiant DL/ML Servers.

HPE Advisory #3 - HPE published an advisory that discusses an information disclosure vulnerability in their ProLiant DX Servers.

HPE Advisory #4 - HPE published an advisory that discusses a privilege escalation vulnerability in their Synergy Servers.

HPE Advisory #5 - HPE published an advisory that discusses an information disclosure vulnerability in their Synergy Servers.

HPE Advisory #6 - HPE published an advisory that discusses a privilege escalation vulnerability ProLiant DX Servers.

Keysight Advisory - INCIBE-CERT published an advisory that describes two vulnerabilities in the Keysight Sensor Management Server.

Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a reduced effectiveness of their Cortex XDR Agent anti-ransomware endpoint protection module.

Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes a reflected amplification DOS vulnerability in their PAN-OS.

PcVue Advisory - PcVue published an advisory that describes a clear-text storage of sensitive information in their PcVue OAuth web service.

Schneider Advisory #1 - Schneider published an advisory that describes a weak password recovery vulnerability in their EcoStruxure™ Control Expert , EcoStruxure™ Process Expert, Modicon M580 and M340 products.

Schneider Advisory #2 - Schneider published an advisory that describes an integer underflow vulnerability in their Modicon PAC Controllers.

Schneider Advisory #3 - Schneider published an advisory that describes an improper restriction of operations within the bounds of a memory buffer.

Schneider Advisory #4 - Schneider published an advisory that describes an information disclosure vulnerability in their Modicon PAC Controllers.

Sick Advisory - Sick published an advisory that discusses an infinite loop vulnerability in their SIM products. This is a third-party (OpenSSL).

 

For more details on these advisories, including links to third-party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-e7f - subscription required.

Review - Public ICS Disclosures – Week of 2-26-22

This week we have twelve vendor disclosures from ABB, Beckhoff, Broadcom (2), B&R Automation, Delta Industrial Automation, Gerbv, OMRON, PcVue Solutions, Tanzu (2), and VMware. We also have two end-of-life notices from We have one researcher report for products from Swift Sensors. Finally, we have four exploits reported for products from WAGO, Hikvision, Axis, and the PwnKit vulnerability.

ABB Advisory - ABB published an advisory describing a denial of service vulnerability in their AC 800M MMS.

Beckhoff Advisory - Beckhoff published an advisory discussing a NULL pointer dereference vulnerability in their products with OPC UA technology.

NOTE: This vulnerability may be found in other vendor products utilizing OPC UA technology.

Broadcom Advisory #1 - Broadcom published an advisory discussing the LOGBACK-1591 vulnerability in their Brocade Fibre Channel Products.

Broadcom Advisory #2 - Broadcom published an advisory discussing the Log4Shell vulnerabilities.

B&R Advisory - B&R published an advisory discussing a deserialization of untrusted data vulnerability in their B&R APROL product line.

NOTE: This vulnerability may affect other vendor products that use Apache Chainsaw.

Delta Advisory - Incibe CERT published an advisory describing four vulnerabilities in the Delta CNCSoft ScreenEditor, and DIAEnergie products.

Gerbv Advisory - Incibe CERT published an advisory discussing seven vulnerabilities in the Gerbv file view.

Omron Advisory - JP CERT published an advisory describing five vulnerabilities in the OMRON CX-Programmer.

PcVue Advisory - PcVue published a notice discussing four vulnerabilities in their Dream Report products.

Tanzu Advisory #1 - Tanzu published an advisory describing an improper privilege management vulnerability in their Spring Cloud Gateway.

Tanzu Advisory #2 - Tanzu published an advisory describing a code injection vulnerability in their Spring Cloud Gateway.

VMware Advisory - VMware published an advisory describing an uncontrolled search path vulnerability in their VMware Tools for Windows.

Swift Sensor Report - Cisco Talos published a report describing an authentication bypass vulnerability in the Swift Sensor Gateway.

Braun End-of-Life Notices - Braun USA published end-of-life notices for their Dialog+ Version 8 and Dia70 Portable RO products.

WAGO Exploit - Momen Eldawakhly published an exploit for a privilege escalation vulnerability in the WAGO 750-8212 PFC200 G2 2ETH RS.

Hikvision Exploit - Bashis published a Metasploit module for a command injection vulnerability in unspecified Hikvision IP Camera.

Axis Exploit - Jbaines-r7 published a Metasploit module for an unrestricted upload of applications ‘feature’ in unspecified Axis IP cameras.

PwnKit Exploit - Qualys Security published a Metasploit module for the PwnKit vulnerability.

 

For more details about these disclosures, including links to third-party reports, researcher reports and exploits, see my article at CFSN Detailed Analysis - - subscription required.

Review - Public ICS Disclosures – Week of 7-31-21

This week we have three INFRA:HALT advisories from: Phoenix Contact, Schneider Electric, Siemens. We have 17 other advisories for products from Aruba, Bosch, Carestream, Genetec, Hitachi ABB Power Grids (3), Johnson Controls, Mitsubishi Electric (4), Phoenix Contact (3), PulseSecure, VMware. Finally, there are two updates from CODESYS and PcVue.

INFRA:HALT Advisories

Phoenix Contact published an advisory discussing the INFRA:HALT vulnerabilities.

Schneider published an advisory discussing the INFRA:HALT vulnerabilities.

Siemens published an advisory discussing the INFRA:HALT vulnerabilities.

Other Advisories

Aruba published an advisory describing a privilege escalation vulnerability in their Analytics and Location Engine (ALE).

Bosch published an advisory describing a cross-site request forgery vulnerability in their IP Cameras.

Carestream published an advisory discussing the PrintNightmare vulnerabilities.

Genetec published an advisory describing four vulnerabilities in their Streamvault products.

Hitachi ABB published an advisory discussing the FragAttacks WiFi vulnerabilities in their TropOS Product.

Hitachi ABB published an advisory describing a password in memory vulnerability in their Counterparty Settlement Billing (CSB) Product.

Hitachi ABB published an advisory describing a password in memory vulnerability in their Retail Operations Product.

Johnson Controls published an advisory describing an auto-update vulnerability in their Software House C•CURE 9000 product

Mitsubishi published an advisory describing an information disclosure vulnerability in their MELSEC iQ-R Series CPU module.

Mitsubishi published an advisory describing an unauthorized log-in vulnerability in their MELSEC iQ-R series CPU modules.

Mitsubishi published an advisory describing a denial-of-service vulnerability in their MELSEC iQ-R Series CPU module.

Mitsubishi published an advisory describing an authentication bypass vulnerability in their MELSEC iQ-R Series CPU Module.

Phoenix Controls published an advisory discussing the WIBU CodeMeter vulnerabilities reported by NCCIC-ICS.

Phoenix Controls published an advisory describing a denial of service vulnerability in their PLCnext Control devices.

Phoenix Controls published an advisory describing an improper privilege management vulnerability in their  FL MGUARD DM product.

PulseSecure published an advisory describing six vulnerabilities in their Pulse Connect Secure.

VMware published an advisory describing two vulnerabilities in their VMware Workspace ONE Access product.

Updates

CODESYS published an update for their CODESYS Development System V3 advisory that was originally published on July 15^th, 2021.

PcVue published an update for their advisory that was originally published in November 2020.

For more details on these advisories, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-e33 - subscription required.

ICS-CERT Issues Alert on a New Luigi Vulnerability

This afternoon the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued an alert for multiple vulnerabilities in the PcVue HMI-SCADA product. The vulnerabilities include:

• Control of a function pointer – DOS and possible remote code execution;

• Arbitrary memory write – Potential to write memory;

• Directory Traversal – Possible file corruption; and

• Array Overflow – DOS and possible remote code execution

All of the vulnerabilities are reportedly remotely executable and there appears to be exploit code publicly available. ICS-CERT doesn’t say this in their Alert, but this is another Luigi uncoordinated disclosure on Bugtraq.