// #hardware-security
4 articles
Dell DSA-2026-239: CVE-2026-23856 Privilege Escalation in iDRAC9 Exposes PowerEdge Server Management Plane
Dell has patched a high-severity privilege escalation vulnerability in the iDRAC9 remote management controller affecting PowerEdge servers across multiple generations. CVE-2026-23856, rated CVSS 8.8, allows a low-privileged authenticated attacker to escalate to Administrator rights on the iDRAC management plane — granting control over server power, firmware, BIOS settings, and virtual console access outside the scope of the host operating system.
AMD Zen 2 Firmware Update Strategy: Managing CPU Microcode Patches Across Enterprise Hardware
CVE-2026-46174 requires a PI firmware (BIOS/UEFI) update to deliver the AMD Zen 2 microcode fix — not a software patch. For enterprises running AMD EPYC Rome servers or Zen 2-based workstations, this means a separate patch track from OS-level vulnerability management. An asset-based approach to CPU generation inventory is the prerequisite.
Hardware Vulnerability Assessment: Methodology for CPU Microarchitecture and Firmware Security Evaluation
AMD CVE-2026-46174 and the broader class of CPU microarchitecture vulnerabilities require assessment methodology distinct from software vulnerability scanning. This guide covers the scoping, testing, and remediation verification steps for enterprise hardware security assessments covering processor vulnerabilities.
CISA Advisory: TPM 2.0 Out-of-Bounds Read in Siemens SIMATIC Industrial PCs (CVE-2025-2884)
CISA advisory ICSA-26-111-01 covers a TPM 2.0 out-of-bounds read vulnerability in Siemens SIMATIC CN 4100, Field PG M5/M6, and IPC BX series industrial computers. The flaw enables information disclosure or denial of service against the hardware root of trust, with direct implications for Secure Boot integrity and the trusted execution environment of industrial control systems.