Public ICS Disclosures – Week of 3-15-25
This week we have 24 vendor disclosures from CODESYS (3), Dassault Systèmes (13), Fuji Soft, Helmholtz, HPE (2), MB Connect, Phillips (2), and QNAP. There are also six vendor updates from Dell, FortiGuard (3), HP, and HPE. Finally, there are three researcher reports for vulnerabilities in products from Luxion and National Instruments (2).
CODESYS Advisories
CODESYS published an advisory that describes an observable discrepancy vulnerability in their CODESYS Runtime Toolkit. The vulnerability was reported by Tom Tervoort from Secura B.V. CODESYS has a new version that mitigates the vulnerability.
CODESYS published an advisory that describes a path traversal vulnerability in multiple CODESYS products. The vulnerability was reported by D. Blagojevic, S.Dietz and T. Weber of CyberDanube. CODESYS has new versions that mitigate the vulnerability.
CODESYS published an advisory that describes an insecure initialization of resource vulnerability in Edge Gateway for Windows and Gateway for Windows products. The vulnerability was reported by Diego Guibertoni of Nozomi Networks. CODESYS has a new versions that mitigates the vulnerability.
Dassault Advisories
Dassault Systèmes published 13 advisories stored cross-site scripting vulnerabilities in multiple products. These advisories are only available to registered customers.
The 13 advisories are:
Stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager,
Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist,
Stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer,
Stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator,
Stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator, and
Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer
Fuji Soft Advisory
JP-CERT published an advisory that describes two command OS injection vulnerabilities in the Fuji F FS010M router. The vulnerability was reported by Takeshi Kuramori of National Institute of Information and Communications Technology. Fuji has a new firmware version that mitigates the vulnerability.
Helmholtz Advisory
CERT-VDE published an advisory that describes two vulnerabilities in the Helmholtz myREX24 and myREX24.virtual products. Helmholtz has a new version that mitigates the vulnerability.
The two reported vulnerabilities are:
Missing authentication for critical function - CVE-2024-23943, and
Missing encryption of sensitive information - CVE-2024-23942
HPE Advisories
HPE published an advisory that describes three vulnerabilities in the HPE Aruba Networking AOS-CX product. One of the vulnerabilities was reported by dugisan3rd. HPE has new versions that mitigate the vulnerabilities.
The three reported vulnerabilities are:
Incorrect authorization - CVE-2025-25040, and
Exposure of private personal information to an unauthorized actor (2) - CVE-2025-25042 and CVE-2025-27080.
HPE published an advisory that discusses six vulnerabilities (two with publicly available exploits) in their Telco Service Activator. These are third-party vulnerabilities. HPE has newer versions that mitigate the vulnerabilities.
The six reported vulnerabilities are:
Allocation of resources without limit or throttling - CVE-2023-43642 (contains proof-of-concept code),
Uncontrolled resource consumption - CVE-2023-44487 (Rapid Reset Attack, listed in CISA’s Known Exploited Vulnerability catalog), CVE-2023-5685,
Uncontrolled recursion - CVE-2024-5971,
Improper input validation - CVE-2024-7254, and
Session fixation - CVE-2024-7341
MB Connect Advisory
CERT-VDE published an advisory that describes two vulnerabilities in multiple MB Connect products. MB Connect has new versions that mitigate the vulnerabilities.
The two reported vulnerabilities are:
Missing authentication for critical function - CVE-2024-23943, and
Missing encryption of sensitive data - CVE-2024-23942
Philips Advisories
Philips published an advisory that discusses an Apache Tomcat vulnerability. Philips reports that none of their products are affected.
Philips published an advisory that discusses three VMware vulnerabilities. Philips reports that none of their products are affected.
QNAP Advisory
QNAP published an advisory that discusses an absolute path traversal vulnerability (listed in CISA’s KEV catalog) in the NAKIVO Backup & Replication application. This is a third-party (WatchTowerLabs) vulnerability. QNAP has removed the application from their App Center pending development of a fixed version by the vendor.
Dell Update
Dell published an update for their ThinOS advisory that was originally published on March 4th, 2025. The new information includes adding CVE-2025-27688 (incorrect permission assignment for critical function) with a fix.
FortiGuard Updates
FortiGuard published an update for their csfd daemon advisory that was originally published on January 14th, 2025, and most recently updated on January 16th, 2025. The new information includes adding FortiOS 6.4.16 in fixed versions.
FortiGuard published an update for their RADIUS Protocol advisory that was originally published on August 13th, 2024, and most recently updated on March 6th, 2025. The new information includes removing products with entries in advisory table from 'Under Investigation'.
FortiGuard published an update for their permission escalation advisory that was originally published on February 11th, 2025. The new information includes clarifying permissions.
HP Update
HP published an update for their LaserJet Pro advisory that was originally published on February 14th, 2025, and most recently updated on March 14th, 2025. The new information includes updating Firmware Revision Strings.
HPE Update
HPE published an update for their Cray XD670 Server advisory that was originally published on March 11th, 2025. The new information includes correcting the CVE number.
Luxion Reports
ZDI published three reports about vulnerabilities in the Luxion KeyShot product. These are coordinated disclosures, but the vendor has not yet reported a fix. ZDI is calling these 0-day vulnerabilities.
The three reported vulnerabilities are:
Improper initialization of a pointer - CVE-2025-2530,
Improper validation of user supplied data - CVE-2025-2531, and
Use after free - CVE-2025-2532
National Instruments Reports
ZDI published a report that describes a path traversal vulnerability in the NI FlexLogger. This is a coordinated disclosure, but the vendor has not yet reported a fix. ZDI is reporting this as a 0-day vulnerability.
ZDI published a report that describes a product UI does not warn user of unsafe actions vulnerability in the NI Vision Builder AI. This is a coordinated disclosure, but the vendor does not consider the vulnerability to be a safety issue. ZDI is reporting this as a 0-day vulnerability.