Review – Public ICS Disclosures – Week of 5-31-25 – Part 2

For Part 2 we have 10 additional vendor disclosures from HPE, SEL, Splunk (4), VMware, WAGO, Wireshark, and ZIV. There are also three vendor updates from ABB, Dell, and Yokogawa. We also have two researcher reports about vulnerabilities in products from ABB and Foscam. Finally, we have an exploit for products from WatchGuard.

Advisories

HPE Advisory - HPE published an advisory that describes eight vulnerabilities in their StoreOnce software.

SEL Advisory - SEL published a software update notice that addresses a deserialization of untrusted data vulnerability in their SEL-5030 acSELerator QuickSet software.

Splunk Advisory #1 - Splunk published an advisory that discusses 11 vulnerabilities in their Universal Forwarder product.

Splunk Advisory #2 - Splunk published an advisory that discusses 30 vulnerabilities in their Enterprise product.

Splunk Advisory #3 - Splunk published an advisory that describes an incorrect permission assignment for critical resource vulnerability in their Universal Forwarder for Windows product.

Splunk Advisory #4 - Splunk published an advisory that describes a cross-site scripting vulnerability in their Enterprise product.

VMware Advisory - Broadcom published an advisory that describes three cross-site scripting vulnerabilities in the VMware NSX product.

WAGO Advisory - CERT-VDE published an advisory that describes an integer overflow or wraparound vulnerability (Year 2038 Problem) in the WAGO 0852 series managed switches.

Wireshark Advisory - Wireshark published an advisory that describes a classic buffer overflow vulnerability in their Dissection engine.

ZIV Advisory - INICBE-CERT published an advisory that describes eight vulnerabilities in the ZIV IDF and ZLF products.

Updates

ABB Update - ABB published an update for their Welcome IPGateway advisory that was originally published on April 11^th, 2025.

Dell Update - Dell published an update for their OS10 advisory that was originally published on March 15^th, 2019.

Yokogawa Update - Yokogawa published an update for their Recorders advisory that was originally published on April 18^th, 2025.

Researcher Reports

ABB Report - Zero Science published a report that describes an authentication bypass vulnerability (with publicly available exploit) in the ABB Cylon Aspec building energy management product.

Foscam Report - SSD published a report that describes three buffer overflow vulnerabilities in the Foscam X5 camera.

Exploits

WatchGuard Exploit - Cody Sixteen published an exploit for a memory corruption vulnerability in the WatchGuard cli binary.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, including a commentary about the ABB reporting, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-d1a - subscription required.