Public ICS Disclosures – Week of 11-22-25 – Part 2
For Part 2 we have three additional vendor disclosures from ABB and Wibu (2). There are also six vendor updates from ABB, FortiGuard (2), and Mitsubishi (3). Finally, we have five exploits for products from Broadcom, FortiGuard (2), HP, and Ruckus.
ABB Advisory
ABB published an advisory that discusses 22 vulnerabilities in their Ability Camera Connect product. These are third-party vulnerabilities. ABB has a new version that mitigates the vulnerabilities.
Wibu Advisories
Wibu published an advisory that describes a write-what-where condition vulnerability in their legacy WibuKey product. The vulnerability was reported by the Zero Day Initiative. Wibu has a new version that mitigates the vulnerability.
Wibu published an advisory that describes an improper restriction of operations within the bounds of a memory buffer vulnerability in their legacy WibuKey product. The vulnerability was reported by KEUM SUNG of Team_F1_Driver. Wibu has a new version that mitigates the vulnerability.
ABB Update
ABB published an update for their Terra AC wallbox advisory that was originally published on September 16th, 2025, and most recently updated on October 27th, 2025. The new information includes updating CWE, version, and branding.
FortiGuard Updates
FortiGuard published an update for their CAPWAP daemon advisory that was originally published on November 18th, 2025. The new information includes adding workarounds.
FortiGuard published an update for their CAPWAP daemon advisory that was originally published on November 18th, 2025. The new information includes adding workarounds.
Mitsubishi Updates
Mitsubishi published an update for their Lighting Control System MILCO.S advisory that was originally published on November 18th, 2025. The new information includes revising CVSS.
Mitsubishi published an update for their Flexera InstallShield advisory that was originally published on July 24th, 2025. The new information includes adding Numerical Control Device Communication Software (FCSB1224) to the list of fixed products.
Mitsubishi published an update for their MELSEC iQ-R Series/iQ-F Series advisory that was originally published on June 1st, 2023, and most recently updated on October 31st, 2024. The new information includes updating the Countermeasures for Customers for FX5-ENET/IP.
Broadcom Exploit
Indoushka published an exploit for two vulnerabilities in the Broadcom Brocade Fabric OS. The vulnerabilities were previously disclosed (here and here) by Broadcom.
FortiGuard Exploits
Indoushka published an exploit for a relative path traversal vulnerability in the FortiGuard FortiWeb product. The vulnerability was previously disclosed by Broadcom and is listed in CISA’s Known Exploited Vulnerability (KEV) catalog.
Sfewer-r7 published a Metasploit module for two vulnerabilities in the FortiGuard FortiWeb product. The vulnerabilities were previously disclosed {here (KEV) and here (KEV)} by FortiGuard and are listed in CISA’s KEV catalog.
HP Exploit
Indoushka published an exploit for an improper authentication vulnerability in the HP Intelligent Management product. The vulnerability was previously disclosed by HP.
Ruckus Exploit
Huthaifa Qashou published an exploit for a cross-site scripting vulnerability in the Ruckus Unleashed product. There is a CVE associated with this exploit, but there is no indication that the vendor has addressed the vulnerability. This may be a 0-day exploit.