Public ICS Disclosures – Week of 12-6-25 – Part 2
For Part 2 we have nine bulk disclosures from Siemens. There are additional vendor disclosures from Dell, Phoenix Contact, Schneider (2), and WAGO. There are 14 bulk updates from HP (6) and Siemens (8). We also have three other vendor updates from Hitachi Energy, Moxa, and Schneider. There is a researcher report on vulnerabilities in products from the Biosig Project (6). Finally, we have four exploits for products from Broadcom, Palo Alto Networks, and React Server Components (2).
Bulk Disclosures – Siemens
Denial of service Vulnerability in Interniche IP-Stack based Industrial Devices,
Multiple Vulnerabilities in SINEC Security Monitor before V4.10.0,
Denial of Service Vulnerability in Ruggedcom ROS devices before V5.10.1,
Dell Advisory
Dell published an advisory that discusses 36 vulnerabilities in their ThinOS product. These are third-party vulnerabilities. Dell has a new version that mitigates the vulnerabilities.
Phoenix Contact Advisory
Phoenix Contact published an advisory that describes 14 vulnerabilities in their SWITCH 2xxx Firmware. The vulnerabilities were reported by D. Blagojevic, S. Dietz, F. Koroknai, and T. Weber from CyberDanube. Phoenix Contact has new versions that mitigate the vulnerabilities.
Schneider Advisories
Schneider published an advisory that discusses an exposure of sensitive information to unauthorized actor vulnerability in multiple Schneider products. This is a third-party (Intel) vulnerability. Schneider recommends upgrading to the latest Foxboro server (V95) and workstations (Dell D96).
Schneider published an advisory that discusses a deserialization of untrusted data vulnerability in their EcoStruxure Foxboro DCS Advisor. This is a third-party (Microsoft) vulnerability that is listed in CISA’s Known Exploited Vulnerabilities catalog with a publicly available exploit. Schneider recommends applying the Microsoft update.
WAGO Advisory
CERT-VDE published an advisory that describes two stack-based buffer overflow vulnerabilities in the WAGO Industrial-Managed Switches. The vulnerabilities were reported by Daniel Hulliger of The Cyber-Defence Campus of armasuisse S+T. WAGO has a new version that mitigates the vulnerabilities.
Bulk Updates – HP
Certain HP LaserJet Pro Printers – Potential Information Disclosure,
HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution, and
Bulk Updates – Siemens
Deserialization Vulnerability in Siemens Engineering Platforms before V20,
Deserialization Vulnerability in Siemens Engineering Platforms,
Buffer Overflow Vulnerability in Third-Party Component in SICAM and SITIPE Products,
Deserialization Vulnerability in Siemens Engineering Platforms,
Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products,
Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20, and
DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery.
Hitachi Energy Update
Hitachi Energy published an update for their Relion 670/650 advisory that was originally published on June 24th, 2025, and most recently updated on August 26th, 2025. The new information includes updating fixed version 2.2.4.6.
Moxa Update
Moxa published an update for their ICMP Timestamp Request advisory that was originally published on October 21st, 2025, and most recently updated on October 27th, 2025. The new information includes adding EDS-4000 and EDS-G4000 Series in the Solutions section.
Schneider Update
Schneider published an update for their Altivar Process Drives advisory that was originally published on September 9th, 2025, and most recently updated on October 14th, 2025. The new information includes announcing that remediations are now available for ATS490 Altivar Soft Starter.
Biosig Project Report
Cisco Talos published a report that describes six stack-based buffer overflow vulnerabilities in the Biosig Project libbiosig library. The report includes proof-of-concept code for the vulnerabilities. This is a coordinated disclosure. Biosig has a new version that mitigates the vulnerabilities.
Broadcom Exploit
Indoushka published an exploit for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Broadcom Wi-Fi Firmware. There is no record on the Broadcom web site for this CVE, but a contemporary Android advisory reported that this was a Broadcom vulnerability, so presumably Broadcom had updates for this eight-year-old vulnerability.
Palo Alto Networks Exploit
Indoushka published an exploit for a deep-packet inspection vulnerability in PAN-OS. According to a blog post by Pierre Kim, PAN was notified of this vulnerability and responded that:
“‘Detection bypass attacks SHOULD NOT be determined to be vulnerabilities unless a product explicitly claims to detect a specific pattern and fails to do so.’ Since PAN-OS does not explicitly claim to detect the reported behaviors, this scenario does not meet the criteria for a CVE-classified vulnerability.”
So technically, this is a 0-day exploit of a ‘feature’.
React Server Components Exploits
Indoushka published a scanner for, and an exploit of, the deserialization of untrusted data vulnerability in React Server Components. This vulnerability is listed in CISA’s KEV catalog.
Maksim Rogov, et al., published a Metasploit module for the deserialization of untrusted data vulnerability in React Server Components. This vulnerability is listed in CISA’s KEV catalog.