Review – Public ICS Disclosures – Week of 9-20-25

This week we have nine vendor disclosures from Delta Electronics, Honeywell, HP (3), HPE, Philips, Rockwell, and WAGO. There are also three vendor updates from HPE, WAGO, and Welotec.

Advisories

Delta Advisory - Delta published an advisory that describes two stack-based buffer overflow vulnerabilities in their CNCSoft-G2 product.

Honeywell Advisory - Honeywell published an end-of-life notice for the legacy integrations in their Pro-Watch product.

HP Advisory #1 - HP published an advisory that discusses seven vulnerabilities in multiple HP product lines.

HP Advisory #2 - HP published an advisory that discusses six vulnerabilities (with publicly available exploits) in multiple PC product lines.

HP Advisory #3 - HP published an advisory that discusses four vulnerabilities in multiple product lines.

HPE Advisory - HPE published an advisory that discusses an out-of-bounds read vulnerability in their HPE Superdome Flex and Compute Scale-up Server 3200.

Philips Advisory - Philips published an advisory that discusses the Shai-Hulud worm.

Rockwell Advisory - Rockwell published an advisory that discusses a stack-based buffer overflow vulnerability in their Stratix products.

WAGO Advisory - CERT-VDE published an advisory that describes two missing authentication for critical function vulnerabilities in the WAGO Software Device Sphere and Software Solution Builder.

Updates

HPE Update - HPE published an update for their Blast-RADIUS advisory that was originally published on July 9^th, 2024, and most recently updated on January 22nc, 2025.

WAGO Update - CERT-VDE published an update for the WAGO 750-8xx Controller advisory that was originally published on August 17^th, 2018, and most recently updated on May 22^nd, 2025.

Welotec Update - CERT-VDE published an update for the Welotec SmartEMS Upload advisory that was originally published on September 10^th, 2025.

 

For more information on these disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-0a8 - subscription required.

Review – Public ICS Disclosures – Week of 9-6-25 – Part 2

For Part 2 this week we have ten additional vendor disclosures from Philips, Phoenix Contact (2), Schneider (2), WAGO (3), Welotec, and Western Digital. We have bulk updates from Siemens (8). Finally, we have three other vendor updates from ABB.

Advisories

Philips Advisory - Philips published an advisory that discusses the Windows 10 end-of-life notice from Microsoft.

Phoenix Contact Advisory #1 - Phoenix Contact published an advisory that discusses two vulnerabilities in their FL MGUARD product.

Phoenix Contact Advisory #2 - Phoenix Contact published an advisory that discusses a least privilege vulnerability in multiple Phoenix Contact products.

Schneider Advisory #1 - Schneider published an advisory that discusses a cross-site scripting vulnerability in their Altivar Process Drives and Communication Modules.

Schneider Advisory #2 - Schneider published an advisory that describes two vulnerabilities in their Saitel DR & Saitel DP remote terminal units.

WAGO Advisory #1 - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in multiple WAGO products.

WAGO Advisory #2 - CERT-VDE published an advisory that describes an incorrect permission assignment for critical resource vulnerability in multiple WAGO products.

WAGO Advisory #3 - CERT-VDE published an advisory that discusses an inclusion of functionality from untrusted control sphere vulnerability in multiple WAGO products.

Welotec Advisory - CERT-VDE published an advisory that describes a path traversal vulnerability in the Welotec SmartEMS Web Application.

Western Digital Advisory - Western Digital published an advisory that describes a root code execution vulnerability in their Acronis True Image for Western Digital (macOS).

Bulk Updates – Siemens

• Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices,

• Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products,

• Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products,

• Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP,

• Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices,

• Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products,

• DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery, and

• Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1

Updates

ABB Update #1 - ABB published an update for their RTU500 series advisory that was originally published on March 25, 2025, and most recently update on April 29^th, 2025.

ABB Update #2 - ABB published an update for their RTU500 series advisory that was originally published on April 30^th, 2024.

ABB Update #3 - ABB published an update for their RTU500 series advisory that was originally published on 26 March, 2024, and most recently updated on December 18^th, 2024.

 

For more information on these disclosures, including links to researcher reports, 3^rd party advisories, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-735 - subscription required.

Review – Public ICS Disclosures – Week of 8-23-25 – Part 2

For Part 2 we have six additional vendor disclosures from Philips (2), SMA, Trumpf, Welotec, and Wireshark. There are also eight vendor updates from ABB, CODESYS (2), Dell, Hitachi Energy (2), HPE, and Siemens. Finally, we have 11 researcher reports for vulnerabilities in products from Biosig Project (10) and Ilevia.

Advisories

Philips Advisory #1 - Philips published an advisory that discusses an exposure of resources to a wrong sphere vulnerability from Dockers Desktop.

Philips Advisory #2 - Philips published an advisory that discusses an out-of-bounds write vulnerability in Google Chrome.

SMA Advisory - CERT-VDE published an advisory that describes a path traversal vulnerability in the SMA Sunny Boy 3 product.

Trumpf Advisory - CERT-VDE published an advisory that discusses an exposure of sensitive information to an unauthorized actor vulnerability (with publicly available exploits) in the Trumpf Telepresence Box.

Welotec Advisory – CERT-VDE published an advisory that describes the use of a hard-coded cryptographic key vulnerability in the Welotec egOS WebGUI.

Wireshark Advisory - Wireshark published an advisory that describes an SSH dissector crash vulnerability.

Updates

ABB Update - ABB published an update for their ELSB/BLBA ASPECT advisory that was originally published on August 11^th, 2025.

CODESYS Update #1 - CODESYS published an update for their Control V3 advisory that was originally published on August 4^th, 2025.

CODESYS Update #2 - CODESYS published an update for their Control V3 NULL pointer dereference advisory that was originally published on August 4^th, 2025.

Hitachi Energy Update #1 - Hitachi published an update for their Relion 670/650 advisory that was originally published on June 24^th, 2025.

Hitachi Energy Update #2 - Hitachi published an update for their Relion 670/650 reboot vulnerability advisory that was originally published on June 24^th, 2025.

HPE Update #1 - HPE published an update for their SAN Switches advisory that was originally published on June 10^th, 2025.

HPE Update #2 - HPE published an update for their Compute Scale-up Server 3200 platformsadvisory that was originally published on April 22^nd, 2025.

Siemens Update - Siemens published an update for their SIMATIC RTLS advisory that was originally published on August 12^th, 2025.

Research Reports

Biosig Reports - Cisco Talos published ten reports describing 16 vulnerabilities (with publicly available exploits) in the Biosig libbiosig library.

Ilevia Report - Zero Science published a report that describes an authentication bypass vulnerability (with a publicly available exploit) in the Ilevia EVE X1/X5 Server.

 

For more information on these disclosures, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-b4c - subscription required.

Review – Public ICS Disclosures – Week of 4-20-24 – Part 2

For Part 2 we have nine additional vendor disclosures from Panasonic, QNAP (6), WatchGuard, and Welotec. We also have eight vendor updates from Broadcom (6), Mitsubishi, and Palo Alto Networks. There are four researcher reports for products from Mathieu Malaterre (3) and Offis. Finally, we have three exploits for products from FortiGuard and Palo Alto Networks (2).

Advisories

Panasonic Advisory - Panasonic published an advisory that describes an improper restriction of operations within the bounds of a memory buffer.

QNAP Advisory #1 - QNAP published an advisory that describes four vulnerabilities in their QTS and QuTS hero products.

QNAP Advisory #2 - QNAP published an advisory that discusses four vulnerabilities in their utility Proxy Server.

QNAP Advisory #3 - QNAP published an advisory that describes two vulnerabilities in their QuFirewall.

QNAP Advisory #4 - QNAP published an advisory that describes an integer overflow or wraparound vulnerability in their QTS, QuTS hero, and QuTScloud product.

QNAP Advisory #5 - QNAP published an advisory that describes an improper authentication vulnerability in their Media Streaming Add-on.

QNAP Advisory #6 - QNAP published an advisory that describes two path traversal vulnerabilities in their QTS, QuTS hero, and QuTScloud products.

WatchGuard Advisory - WatchGuard published an advisory that discusses the Diffie-Hellman Key Agreement Protocol Weaknesses.

Welotec Advisory - CERT-VDE published an advisory that describes an improper restriction of rendered UI layers or frames vulnerability in their SMART EMS and VPN Security Suite products.

Updates

Broadcom Update #1 - Broadcom published an update for their EZServer module advisory that was originally published on November 8^th, 2022.

Broadcom Update #2 - Broadcom published an update for their Identical SSH keys advisory that was originally published on April 10^th, 2024.

Broadcom Update #3 - Broadcom published an update for their Hardcoded TLS keys advisory that was originally published on April 11^th, 2024.

Broadcom Update #4 - Broadcom published an update for their SANnav OVA advisory that was originally published on April 11^th, 2024.

Broadcom Update #5 - Broadcom published an update for their Insecure file permission advisory that was originally published on April 11^th, 2024.

Broadcom Update #6 - Broadcom published an update for their Docker instances advisory that was originally published on April 11^th, 2024.

Mitsubishi Update - Mitsubishi published an update for their Microsoft Message Queuing advisory that was originally published on February 20^th, 2024.

Reports

Palo Alto Networks Update - Palo Alto Networks published an update for their Arbitrary File Creation advisory that was originally published on April 12^th, 2024 and most recently updated on April 20^th, 2024.

Offis Report - Cisco Talos published a report describing an incorrect type conversion or cast vulnerability in the Offis DCMTK, a collection of DICOM libraries.

Exploits

FortiGuard Exploit - Spencer McIntyre published a Metasploit module for an SQL injection vulnerability in the FortiClient EMS (this vulnerability is listed in CISA’s Known Exploit Vulnerability Catalog).

Palo Alto Networks Exploit #1 - Sfewer-r7 published a Metasploit module for a command injection vulnerability in the Palo Alto Networks PAN-OS (this vulnerability is listed in CISA’s KEV Catalog).

Palo Alto Networks Exploit #2 - Kr0ff published an exploit for a command injection vulnerability in the Palo Alto Networks PAN-OS (this vulnerability is listed in CISA’s KEV Catalog).

 

For more information about these disclosures, including links to 3rd party advisories and researcher reports, as well as summaries of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-6e6 - subscription required.

Review – Public ICS Disclosures – Week of 4-6-24 – Part 2

For part two we have three additional vendor disclosures from B&R, Schneider and Welotec. We also have 13 vendor updates from HP (2) and Siemens (11). Finally, there are four researcher reports for vulnerabilities in products from TP-Link.

Advisories

B&R Advisory - B&R published an advisory that discusses four vulnerabilities (one with known exploit) in their APC4100, APC910, and PPC900 products.

Schneider Advisory - Schneider published an advisory that discusses an improper privilege management vulnerability in their Easergy Studio product.

Welotec Advisory - CERT-VDE published an advisory that describes two vulnerabilities in the Welotec TK500v1 router series.

Updates

HP Update #1 - HP published an update for their PC Bios advisory that was originally published on March 12^th, 2024.

HP Update #2 - HP published an update for their March 2024 BIOS security advisory that was originally published on March 13^th, 2024.

Siemens Update #1 - Siemens published an update for their FortiGate NGFW advisory that was originally published on March 12^th, 2024.

Siemens Update #2 - Siemens published an update for their SIMATIC S7-1500 BIOS advisory that was originally published on June 16^th, 2023 and most recently updated on December 12^th, 2023.

Siemens Update #3 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on June 13^th, 2023 and most recently updated on February 13^th, 2024.

Siemens Update #4 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on February 13^th, 2024.

Siemens Update #5 - Siemens published an update for their Scalance W1750D advisory that was originally published on February 13^th, 2024.

Siemens Update #6 - Siemens published an update for their OpenSSL advisory that was originally published on June 14^th, 2022 and most recently updated on January 9^th, 2024.

Siemens Update #7 - Siemens published an update for their OPC UA Implementation advisory was originally published on September 12^th, 2023 and most recently updated on February 13^th, 2024.

Siemens Update #8 – Siemens published an update for their OPC Foundation advisory that was originally published on April 11th, 2023 and most recently updated on November 14^th, 2023.

Siemens Update # 9 - Siemens published an update for their SCALANCE W700 advisory that was originally published on November 14^th, 2023.

Siemens Update #10 - Siemens published an update for their SIMATIC S7-1500 advisory that was or published on December 12th, 2023 and most recently updated on March 12^th, 2024.

Siemens Update #11 - Siemens published an update for their OpenSSL Vulnerabilities advisory that was originally published on March 14^th, 2023 and most recently updated on October 10^th, 2023.

Researcher Reports

TP-Link Reports - Talos published four reports describing twelve vulnerabilities in the TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point.

 

For more information on these disclosures, including links to third parties advisories and summaries of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-fd8 - subscription required.