Sunday, December 7, 2025

Review – Public ICS Disclosures – Week of 11-29-25 – Part 2

For Part 2 we have 19 bulk disclosures from Splunk (10) and WatchGuard (9). We have two additional vendor disclosures from Wireshark. There are four vendor updates from Advantech, Moxa (2), and VMware. There are ten researcher reports on vulnerabilities in a product from Socomec. Finally, we have two exploits for products from Broadcom and PX4.

Bulk Disclosures

Bulk Disclosures – Splunk

SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool,

Third-Party Package Updates in Splunk Enterprise - December 2025,

Improper Input Validation in "label" column field in Splunk Secure Gateway App,

Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise,

Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade,

Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade,

Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise,

Unauthenticated Log Injection in Splunk Enterprise,

Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app, and

URL validation bypass through Views Dashboard in Splunk Enterprise

Bulk Disclosures – WatchGuard

WatchGuard Firebox Boot Time System Integrity Check Bypass,

WatchGuard Firebox XPath Injection Vulnerability in Web CGI,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration,

WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command,

WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration,

WatchGuard Firebox iked Memory Corruption Vulnerability,

WatchGuard Firebox Authenticated Out of Bounds Write in certd,

Advisories

Wireshark Advisory #1 - Wireshark published an advisory that describes an infinite loop vulnerability (with publicly available exploit) in their MEGACO dissector.

Wireshark Advisory #2 - Wireshark published an advisory that describes an improperly controlled sequential memory allocation vulnerability (with publicly available exploit) in their HTTP3 dissector.

Updates

Advantech Update - Advantech published an update for their WISE-DeviceOn advisory that was originally published on November 18th, 2025.

Moxa Update #1 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on October 27th, 2025.

Moxa Update #2 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on October 27th, 2025.

VMware Update - Broadcom published an update for their vCenter Server advisory that was originally published on September 21st, 2021, and most recently updated on September 24th, 2021.

Researcher Reports

Socomec Reports - Cisco Talos published ten reports for 14 vulnerabilities in the Socomec DIRIS Digiware M-70.

Exploits

Broadcom Exploit - Laginimaineb published an exploit for an improper restriction of operations within the bounds of a memory buffer in the Broadcom BCM4355C0 Wi-Fi chips.

PX4 Exploit - Indoushka published an exploit for a stack-based buffer overflow vulnerability in the PX4 drone autopilot.


For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-2dc - subscription required.

