Sunday, December 14, 2025

Review – Public ICS Disclosures – Week of 12-6-25 – Part 2

For Part 2 we have nine bulk disclosures from Siemens. There are five additional vendor disclosures from Dell, Phoenix Contact, Schneider (2), and WAGO. There are 14 bulk updates from HP (6) and Siemens (8). We also have three other vendor updates from Hitachi Energy, Moxa, and Schneider. There is a researcher report on vulnerabilities in products from the Biosig Project (6). Finally, we have four exploits for products from Broadcom, Palo Alto Networks, and React Server Components (2).

Bulk Disclosures – Siemens

Denial of Service Vulnerability in Interniche IP-Stack based Industrial Devices,

Multiple Vulnerabilities in RUGGEDCOM ROX Before V2.17,

Multiple Vulnerabilities in SINEC Security Monitor before V4.10.0,

Denial of Service Vulnerability in Ruggedcom ROS devices before V5.10.1,

File Parsing Vulnerability in Simcenter Femap Before V2512,

Multiple Vulnerabilities in SICAM T Before V3.0,

Multiple Vulnerabilities in SIMATIC CN 4100 Before V4.0.1,

Multiple Vulnerabilities in COMOS, and

Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0.

Advisories

Dell Advisory - Dell published an advisory that discusses 36 vulnerabilities in their ThinOS product.

Phoenix Contact Advisory - Phoenix Contact published an advisory that describes 14 vulnerabilities in their SWITCH 2xxx Firmware.

Schneider Advisory #1 - Schneider published an advisory that discusses an exposure of sensitive information to unauthorized actor vulnerability in multiple Schneider products.

Schneider Advisory #2 - Schneider published an advisory that discusses a deserialization of untrusted data vulnerability in their EcoStruxure Foxboro DCS Advisor.

WAGO Advisory - CERT-VDE published an advisory that describes two stack-based buffer overflow vulnerabilities in the WAGO Industrial-Managed Switches.

Bulk Updates – HP

NVIDIA GPU Display Driver October 2025 Security Update,

NVIDIA GPU Display Driver July 2025 Security Update,

Certain HP LaserJet Pro Printers – Potential Information Disclosure,

AMD CPU Microcode Security Update,

HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution, and

Intel System Security Report and System Resources Defense.

Bulk Updates – Siemens

Deserialization Vulnerability in Siemens Engineering Platforms before V20,

RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products,

Deserialization Vulnerability in Siemens Engineering Platforms,

Buffer Overflow Vulnerability in Third-Party Component in SICAM and SITIPE Products,

Deserialization Vulnerability in Siemens Engineering Platforms,

Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products,

Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20, and

DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their Relion 670/650 advisory that was originally published on June 24th, 2025, and most recently updated on August 26th, 2025.

Moxa Update - Moxa published an update for their ICMP Timestamp Request advisory that was originally published on October 21st, 2025, and most recently updated on October 27th, 2025.

Schneider Update - Schneider published an update for their Altivar Process Drives advisory that was originally published on September 9th, 2025, and most recently updated on October 14th, 2025.

Researcher Reports

Biosig Project Report - Cisco Talos published a report that describes six stack-based buffer overflow vulnerabilities in the Biosig Project libbiosig library.

Exploits

Broadcom Exploit - Indoushka published an exploit for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Broadcom Wi-Fi Firmware.

Palo Alto Networks Exploit - Indoushka published an exploit for a deep-packet inspection vulnerability in PAN-OS.

RSC Exploit #1 - Indoushka published a scanner for, and an exploit of, the deserialization of untrusted data vulnerability in React Server Components.

RSC Exploit #2 - Maksim Rogov, et al, published a Metasploit module for the deserialization of untrusted data vulnerability in React Server Components.


For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-0c5 - subscription required.

Saturday, December 13, 2025

CISA Adds Sierra Wireless Vulnerability to KEV – 12-12-25

Yesterday CISA announced that it had added an unrestricted upload of file with dangerous type vulnerability in the Sierra Wireless AirLink ALEOS product to their Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was reported by Cisco Talos on April 15th, 2019; the report included proof-of-concept code. Sierra Wireless published their advisory on the vulnerability (along with 12 others) on April 30th, 2019. CISA published their advisory on the vulnerability (along with six others) on August 20th, 2019, and most recently updated it on April 23rd, 2020.

CISA has required that Federal agencies that use the affected products apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” Those required actions are to be completed by January 2nd, 2026.

Review – CSB Updates Accidental Release Reporting Data – 12-1-25

On Thursday the CSB updated their published list of reported chemical release incidents. They added 58 new incidents that occurred since the previous version was published in July. These are not incidents that the CSB is investigating; these are incidents that were reported to the CSB under their Accidental Release Reporting rules (40 CFR 1604) through November 30th, 2025.

The table below shows the top five states based upon the number of reported incidents since the July update was published.


For more information on the data, including a listing of chemical incidents reported in the news that should have been reported to CSB, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updates-accidental-release-reporting-313 - subscription required.

Chemical Transportation Incidents – Week of 11-8-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

NOTE: PHMSA’s database is not currently allowing online downloads. I was able to request a copy of the week’s data directly from PHMSA. That is the reason for this late posting.

Incidents Summary

• Number of incidents – 486 (453 highway, 31 air, 2 rail, 0 water)

• Serious incidents – 4 (3 Bulk release, 0 evacuation, 1 injury, 0 death, 0 major artery closed, 2 fire/explosion, 30 no release)

• Largest container involved – 33,900-gal DOT 117J100W Railcar {Petroleum Gases, Liquefied or Liquefied Petroleum Gas} Vapor valve cracked open, plug not tool tight.

• Largest amount spilled – 250-gal Plastic IBC {Caustic Alkali Liquids, N.O.S.} Forklift strike.

• Total amount reported spilled in all incidents – 2174.4-gal

NOTE: Links to Form 5800.1 for the described incidents are not currently available online.

Most Interesting Chemical: Hydrofluoric Acid And Sulfuric Acid Mixtures: A clear colorless liquid with a pungent odor. Corrosive to metals and tissue. Exposure to the fumes or brief contact can cause severe burns as mixture penetrates to cause deep-seated ulceration that is sometimes complicated by gangrene. (Source: CameoChemicals.NOAA.gov).




Review – Public ICS Disclosures – Week of 12-6-25 – Part 1

This week we have bulk disclosures from FortiGuard (8). There are also 12 additional vendor disclosures from Cisco, Dell, Dassault Systems, Elecom, Endress+Hauser, Hitachi Energy (2), HP, HPE, Moxa, and NI (2).

Bulk Disclosures – FortiGuard

Insertion of sensitive information into REST API logs,

Insufficient Session Expiration in SSLVPN,

Multiple Fortinet Products' FortiCloud SSO Login Authentication Bypass,

Multiple authenticated OS Command Injections via API,

OS command injection in GUI backup options,

OS command injection in multiple endpoints,

Private key readable by admin, and

Reflected XSS in HA cluster.

Advisories

Cisco Advisory - Cisco published an advisory that discusses the React Server Components deserialization of untrusted data vulnerability that is listed in CISA’s Known Exploited Vulnerabilities catalog.

Dell Advisory - Dell published an advisory that discusses 30 vulnerabilities. All but three of these are third-party vulnerabilities.

Dassault Advisory - Dassault published an advisory that describes a cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator.

Elecom Advisory - JP CERT published an advisory that describes an unquoted search path vulnerability in the Elecom Clone for Windows.

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses an out-of-bounds write vulnerability in multiple Endress+Hauser products.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that discusses a deserialization of untrusted data vulnerability in their Asset Suite product.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that discusses the React Server Component deserialization of untrusted data vulnerability that is listed in CISA’s KEV catalog.

HP Advisory - HP published an advisory that describes a path traversal vulnerability in their System Event Utility and Omen Gaming Hub products.

HPE Advisory - HPE published an advisory that discusses ten vulnerabilities in their ProLiant DL/ML/XD Alletra and Synergy Servers.

Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their MXsecurity Series products.

NI Advisory #1 - NI published an advisory that describes nine vulnerabilities in their LabVIEW product.

NI Advisory #2 - NI published an advisory that describes a relative path traversal vulnerability in their System Web Server.


For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-c5d - subscription required.

Friday, December 12, 2025

Chemical Transportation Incidents – Week of 11-8-25

Unfortunately, the download function of the PHMSA HazmatIncident Report Search Portal “has been temporarily disabled”. I have a request in to PHMSA to provide the data that I need to write this blog post, but I have no idea if/when that data will be forthcoming. I expect to publish this post when I can.

Review – Bills Introduced – 12-11-25

Yesterday, with both the House and Senate in Washington, there were 128 bills introduced. Two of those bills may receive additional coverage in this blog:

HR 6630 To direct the Department of Defense to carry out an initiative to understand and address occupational resiliency challenges of the Cyber Mission Force. Elfreth, Sarah [Rep.-D-MD-3]

HR 6631 To require the Secretary of Defense to establish a program for the development of cybersecurity education at academic institutions, and for other purposes. Elfreth, Sarah [Rep.-D-MD-3]

Space Geek Legislation

I would like to mention one bill under my limited Space Geek coverage in this blog:

HR 6638 To require a report on merits and options for establishing an institute relating to space resources, and for other purposes. Foushee, Valerie P. [Rep.-D-NC-4]


For more information on these bills, including legislative history for similar bills in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-12-11-25 - subscription required.
