Sunday, January 25, 2026

Review – Public ICS Disclosures – Week of 1-17-26

For Part 2 we have 2 additional vendor disclosures from Rockwell. There are also five vendor updates from ABB, FortiGuard, HPE, Siemens, and VMware. We have bulk researcher reports for products from MedDream (22). Finally, we have two exploits for products from Splunk.

Advisories

Rockwell Advisory #1 - Rockwell published an advisory that describes nine uncontrolled resource consumption vulnerabilities in their ArmorStart LT product.

Rockwell Advisory #2 - Rockwell published an advisory that describes a missing release of memory after effective lifetime vulnerability in their 1756-RM2(XT).

Updates

ABB Update - ABB published an update for their ABB 800xA Base advisory that was originally published on June 5th, 2024, and most recently updated on February 7th, 2025.

FortiGuard Update - FortiGuard published an update for their cw_acd daemon advisory that was originally published on January 13th, 2026.

HPE Update - HPE published an update for their Aruba Networking Access Points advisory that was originally published on August 3rd, 2024, and most recently updated on March 14th, 2025.

Siemens Update - Siemens published an update for their RUGGEDCOM APE1808 Devices advisory that was originally published on May 13th, 2025, and most recently updated on January 13th, 2026.

Bulk Researcher Reports – MedDream (22)

MedDream PACS Premium modifyUser reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium emailfailedjob reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyTranscript reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium downloadZip reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium downloadZip reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium autoPurge reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyAnonymize reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyEmail reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyCoercion reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyHL7Route reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium existingUser reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium ldapUser reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium notifynewstudy reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium encapsulatedDoc arbitrary file read vulnerability,

MedDream PACS Premium modifyRoute reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium encapsulatedDoc reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyHL7App reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium config.php multiple reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium fetchPriorStudies reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyAutopurgeFilter reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyAeTitle reflected cross-site scripting (XSS) vulnerability

NOTE: These Cisco Talos reports include proof-of-concept code.

Exploits

Splunk Exploit #1 - Alex Hordijk published a Metasploit module for a function call with an incorrectly specified argument value vulnerability in the Splunk Enterprise product.

Splunk Exploit #2 - Psytester published a Metasploit module for a code injection vulnerability in the Splunk Enterprise product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-aab - subscription required.
