Public ICS Disclosures – Week of 10-25-25
This week we have bulk vendor disclosures from HP (6). We have 11 additional vendor disclosures from Circutor, Hitachi Energy, HPE, Moxa, Philips, QNAP, Ruckus, Sick (2), Supermicro, and WatchGuard. There are bulk updates from HP (6). We have six additional vendor updates from ABB, Hitachi Energy, and Moxa (4). Finally, we have a researcher report of a vulnerability in products from MPDV Mikrolab.
Bulk Disclosures – HP
Circutor Advisory
INCIBE-CERT published an advisory that describes 12 vulnerabilities in the Circutor SGE-PLC100 and SGE-PLC50 concentrators. These products are end-of-life and Circutor recommends upgrading to the latest version of their GEDE EDC product.
Hitachi Energy Advisory
Hitachi Energy published an advisory that discusses the BlastRadius-Fail vulnerability. Hitachi Energy reports that their AFS, AFR and AFF series products are affected. The affected products are all end-of-life. Hitachi Energy provides setting adjustments to mitigate the vulnerability.
HPE Advisory
HPE published an advisory that describes seven vulnerabilities in their Private Cloud AI product. Two of these are third-party vulnerabilities. The five HPE vulnerabilities do not have CWE descriptions, nor are they currently available on NVD.NIST.gov. HPE has a new version that mitigates the vulnerabilities.
The two third-party vulnerabilities are:
Cross-site scripting - CVE-2024-47875 (includes proof-of-concept code),
Unquoted search path or element - CVE-2023-38408 (exploit).
Moxa Advisory
Moxa published an advisory that discusses an inadequate encryption strength vulnerability in multiple Moxa product lines. This is a third-party (Tenable) vulnerability. Moxa has new versions that mitigate the vulnerability.
Philips Advisory
Philips published an advisory that discusses a Windows remote code execution vulnerability that is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Philips reports that their 867113 – Focal Point and 866389 – PIC iX products are affected. Philips is in the process of validating Microsoft patches.
QNAP Advisory
QNAP published an advisory that discusses an HTTP request/response smuggling vulnerability in their NetBak PC Agent. This is a third-party (ASP.NET) vulnerability with a publicly available exploit. QNAP recommends installing the latest Microsoft ASP.NET Core updates.
Ruckus Advisory
Ruckus published an advisory that describes “a number of vulnerabilities in access control and privilege escalation” in their RUCKUS Network Director. Ruckus has a new version that mitigates the vulnerabilities. There is no listing of the individual vulnerabilities.
Sick Advisories
Sick published an advisory that discusses an inclusion of functionality from untrusted control sphere vulnerability in their SID products. This is a third-party (Sudo) vulnerability that is listed in CISA’s KEV catalog and has a publicly available exploit. Sick has a new version that mitigates the vulnerability.
Sick published an advisory that describes six vulnerabilities in their TLOC100-100 product. Sick has a new version that mitigates two of the listed vulnerabilities. Sick provides generic mitigation measures for the remaining vulnerabilities.
The six reported vulnerabilities are:
Use of unmaintained third-party components - CVE-2025-10561,
Allocation of resources without limit or throttling - CVE-2025-59459,
Use of weak credentials - CVE-2025-59460,
Missing authorization - CVE-2025-59461,
Uncaught exception - CVE-2025-59462, and
Deadlock - CVE-2025-59463
Note: Sick reports that the affected third-party component is an “outdated operating system”. This is not one of the fixed vulnerabilities.
Supermicro Advisory
Supermicro published an advisory that discusses an improper handling of insufficient entropy vulnerability in multiple Supermicro products. This is a third-party (AMD) vulnerability. Supermicro has an updated BIOS firmware that mitigates the vulnerability.
WatchGuard Advisory
WatchGuard published an advisory that describes a command injection vulnerability in their Mobile VPN product. The vulnerability was reported by Defence Tech Malware Lab. WatchGuard has a new version that mitigates the vulnerability.
Bulk Updates – HP
Intel Rapid Storage Technology Software August 2025 Security Update,
Intel System Security Report and System Resources Defense, and
ABB Update
ABB published an update for their Terra AC wallbox advisory that was originally published on September 16th, 2025, and most recently updated on October 9th, 2025. The new information includes updating CVE information.
Hitachi Energy Update
Hitachi Energy published an update for their Asset Suite advisory that was originally published on September 30th, 2025. The new information includes updating Affected Product versions.
Moxa Updates
Moxa published an update for their Ethernet Switch advisory that was originally published on October 23rd, 2025. The new information includes adding solutions for the EDS, ICS, IKS, and SDS Series.
Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on May 5th, 2025. The new information includes updating the solutions for the TN-4900 Series.
Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025. The new information includes updating the Solutions for the TN-4900 Series.
Moxa published an update for their ICMP Timestamp advisory that was originally published on October 21st, 2025. The new information includes adding the ioLogik E1200 Series to the Solutions section.
MPDV Mikrolab Report
SEC Consult published a report that describes a path traversal vulnerability in the MPDV Mikrolab MIP 2, FEDRA 2, and HYDRA X Manufacturing Execution Systems. The report includes proof-of-concept code. This is a coordinated disclosure and MPDV has a new version that mitigates the vulnerability.