Public ICS Disclosures – Week of 1-24-26 – Part 2
For Part 2 we have six additional vendor disclosures from dormakaba (3), Splunk, and WatchGuard (2). We have bulk vendor updates from Broadcom (7). There are six additional vendor updates from HP, HPE (3), Palo Alto Networks, and VMware. We also have a researcher report on vulnerabilities in products from IDIS. Finally, we have an exploit for products from Advantech.
Dormakaba Advisories
Dormakaba published an advisory that describes 12 vulnerabilities in their Access Manager product. The vulnerabilities were reported by SEC Consult; the report includes proof-of-concept code. Dormakaba has new versions that mitigate the vulnerabilities.
Dormakaba published an advisory that describes seven vulnerabilities in their Kaba exos 9300 systems. The vulnerabilities were reported by SEC Consult; the report includes proof-of-concept code. Dormakaba has new versions that mitigate the vulnerabilities.
The seven reported vulnerabilities are:
Missing authentication for critical function - CVE-2025-59090,
Use of hard-coded credentials (4) - CVE-2025-59091, CVE-2025-59092, CVE-2025-59095, and CVE-2025-59096,
Reliance on security through obscurity - CVE-2025-59093, and
Improper privilege management - CVE-2025-59094.
Dormakaba published an advisory that describes a debug messages revealing unnecessary information vulnerability in their registration Unit 9002 Generation K5. The vulnerability was reported by SEC Consult; the report includes proof-of-concept code. Dormakaba has new versions that mitigate the vulnerability.
Splunk Advisory
Splunk published an advisory that discusses an improper handling of length parameter inconsistency vulnerability in their Enterprise product. This is a third-party (MongoDB) vulnerability with publicly available exploits; it is listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Splunk has new versions that mitigate the vulnerability.
WatchGuard Advisories
WatchGuard published an advisory that discusses a privilege escalation vulnerability in their Mobile VPN with IPSec client for Windows. This is a third-party (NCP) vulnerability. WatchGuard has a new version that mitigates the vulnerability.
WatchGuard published an advisory that describes an LDAP injection vulnerability in their Fireware OS product. WatchGuard has new versions that mitigate the vulnerability.
Bulk Vendor Updates – Broadcom
Brocade Fabric OS (10.x and 9.2.x Releases) Vulnerability Disclosures,
OS command injection vulnerability in OpenSSH (CVE-2023-51385),
Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3, and
Bulk Vendor Updates – Hitachi Energy
HP Update
HP published an update for their Intel Ethernet I219 Software advisory that was originally published on February 11th, 2025, and most recently updated on April 24th, 2025. The new information includes updating version and SoftPaq information for Business Notebooks, Business Desktops, and Thin Clients.
HPE Updates
HPE published an update for their OneView Software advisory that was originally published on December 17th, 2025, and most recently updated on December 26th, 2025. The new information includes updating resolution details.
HPE published an update for their Aruba Networking Virtual Intranet Access advisory that was originally published on January 13th, 2026. The new information includes updating the Resolution section.
HPE published an update for their Aruba Networking AOS-8 advisory that was originally published on January 13th, 2026. The new information includes updating the CVE-2025-37178 and CVE-2025-37179 Details block and the Resolution section.
Palo Alto Networks Update
PAN published an update for their GlobalProtect Gateway and Portal advisory that was originally published on January 14th, 2026, and most recently updated on January 16th, 2026. The new information includes fixing a broken link and updating the Solutions table.
VMware Update
Broadcom published an update for the VMware vCenter Server advisory that was originally published on June 17th, 2024. The new information includes adding a note that: “Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.”
IDIS Report
Claroty published a report that describes an argument injection vulnerability in the IDIS ICM Viewer. The report includes proof-of-concept code. The vulnerability was previously disclosed by IDIS.
Advantech Exploit
Indoushka published an exploit for an SQL Injection vulnerability in the Advantech IoTSuite and IoT Edge products. There is no CVE associated with this publication and no indication that the vendor has been notified of the vulnerability. This may be a 0-day exploit.