Public ICS Disclosures – Week of 2-7-26 – Part 2

For Part 2 we have five additional vendor disclosures from Arista, HPE, Supermicro, WAGO, and Yokogawa. There are ten vendor updates from Broadcom (3), CODESYS (2), HP, HPE, and Schneider (3). We also have three researcher reports for products from Sante, Linksys, and Solax. Finally, we have three exploits for products from FortiGuard, Palo Alto Networks, and SolarWinds.

Arista Advisory

Arista published an advisory that describes six vulnerabilities in their Next Generation Firewall. The vulnerabilities were reported by Bishop Fox; the report includes proof-of-concept code. Arista has a new version that mitigates the vulnerability.

The six reported vulnerabilities are:

• OS command injection - CVE-2025-6978,

• Command injection (3) - CVE-2026-25620, CVE-2026-25622, and CVE-2026-25623,

• Improper input validation - CVE-2026-25621, and

• Cross-site scripting - CVE-2026-25624

HPE Advisory

HPE published an advisory that discusses an improper handling of values vulnerability in their ProLiant DL/ML/XD, Synergy, Edgeline, MicroServer. This is a third-party (Intel) vulnerability. HPE has new versions that mitigate the vulnerability.

Supermicro Advisory

Supermicro published an advisory that discusses 11 vulnerabilities in multiple Supermicro products. These are third-party (Intel) vulnerabilities. Supermicro has new versions that mitigate the vulnerabilities.

WAGO Advisory

CERT-VDE published an advisory that describes four vulnerabilities in the WAGO Industrial-Managed-Switch 0852-XXXX products. The vulnerabilities were reported by Diconium. WAGO has a new firmware version that mitigates the vulnerability.

The four reported vulnerabilities are:

• Use of hard-coded cryptographic key - CVE-2026-22906,

• Stack-based buffer overflow - CVE-2026-22904, CVE-2026-22903, and

• Path traversal - CVE-2026-22905

Yokogawa Advisory

Yokogawa published an advisory that describes six vulnerabilities in their Vnet/IP Interface Package. The vulnerabilities were reported by Dmitry Sklyar and Demid Uzenkov of Positive Technologies. Yokogawa has a new version that mitigates the vulnerabilities.

The six reported vulnerabilities are:

• Integer underflow (2) - CVE-2025-1924 and CVE-2025-48021,

• Reachable assertion (3) - CVE-2025-48019, CVE-2025-48020, and CVE-2025-48023, and

• Improper handling of length parameter inconsistency - CVE-2025-48022.

Broadcom Updates

Broadcom published an update for their Brocade Fabric OS advisory that was originally published on August 1^st, 2023. The new information includes security update in Brocade Fabric OS 8.2.3e.

Broadcom published an update for their Brocade Fabric OS advisory that was originally published on May 17^th, 2017. The new information includes:

• Updating CVSS score from 4.2 to 6.5,

• Removing Old Brocade Products.

Broadcom published an update for their rsynd advisory that was originally published on September 13, 2022. The new information includes correcting the cve in the title to CVE-2017-17434 instead of CVE-2017-1734.

CODESYS Updates

CODESYS published an update for their CODESYS Control advisory that was originally published on December 1^st, 2025. The new information includes announcing that fixed versions for all products available.

CODESYS published an update for their CODESYS Control advisory that was originally published on December 1^st, 2025. The new information includes announcing that fixed versions for all products available.

HP Update

HP published an update for their LaserJet advisory that was originally published on November 13^th, 2025, and most recently updated on December 10^th, 2025. The new information includes updating affected products.

HPE Update

HPE published an update for their Aruba Networking EdgeConnect advisory that was originally published on January 14^th, 2026. The new information includes updating Resolution Section to include newly released 9.4.8.

Schneider Updates

Schneider published an update for their EcoStruxure Power Operation advisory that was originally published on July 8^th, 2025. The new information includes:

• Announcing that a fix for EcoStruxure™ Power Operation 2022 now available,

• Updating vulnerability details and remediation directions.

Schneider published an update for their EcoStruxure Foxboro DCS advisory that was originally published on December 9^th, 2025. The new information includes:

• Adding H90 DC Server to the affected products list, and

• Updating the remediation section with H94 and details on how customers can determine if offer is impacted.

Schneider published an update for their Uni-Telway Driver advisory that was originally published on February 11^th, 2025, and most recently updated on January 13^th, 2026. The new information includes removing the comment “EcoStruxure™ Process Expert found to be not affected by this vulnerability.”

Linksys Report

SySS Tech published a report that describes six vulnerabilities in the Linksys MR9600 and MX4200 routers. The report includes proof-of-concept code. This was a coordinated disclosure Linksys has a new version that mitigates one of the reported vulnerabilities.

The six reported vulnerabilities are:

• Path traversal - SYSS-2025-001,

• Missing authentication for critical function - SYSS-2025-002,

• SQL injection - SYSS-2025-009,

• OS command injection (2) - SYSS-2025-010 and SYSS-2025-011, and

• Improper verification of source of a communication channel - SYSS-2025-014

Sante Report

The Zero Day Initiative published a report that describes a buffer overflow vulnerability in the Sante DICOM Viewer Pro. This is a coordinated disclosure and Sante has a new version that mitigates the vulnerability.

Solax Report

SEC Consult published a report that describes three vulnerabilities in the Solax Power Pocket WiFi models. The report includes proof-of-concept code. This is a coordinated disclosure and Solax has new firmware versions that mitigate the vulnerability.

The three reported vulnerabilities are:

• Improper certificate validation - CVE-2025-15573,

• Use of insufficiently random numbers - CVE-2025-15574, and

• Download of code without integrity check - CVE-2025-15575

FortiGuard Exploit

Peter Gabaldon published an exploit for an exposure of sensitive information to an unauthorized actor vulnerability in the FortiGuard FortiGate product. FortiGuard previously disclosed the vulnerability.

Palo Alto Networks Exploit

Indoushka published an exploit for four vulnerabilities in the Palo Alto Networks PAN-OS products. The four vulnerabilities were previously disclosed by PAN and three are listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

SolarWinds Exploit

Jimi Sebree published a Metasploit module for two vulnerabilities in the SolarWinds Web Help Desk application. SolarWinds previously disclosed the vulnerabilities and they are both listed in CISA’s KEV Catalog.