For Part 3 we have an additional bulk vendor disclosure from Schneider Electric (6). There are three additional vendor disclosures from Siemens (2) and Weidmueller. We have bulk vendor updates from Siemens (12). There are also seven vendor updates from FortiGuard (2), HP, Schneider Electric (3), and VMware. Finally, we have three exploits for products from Splunk and WatchGuard (2).
Bulk Vendor Disclosures – Schneider
• Improper Resource Shutdown or Release vulnerability in Multiple Products,
• Improper Neutralization vulnerability in Multiple Products,
• Deserialization of Untrusted Data vulnerability on EcoStruxure™ Foxboro DCS,
• Use of Hard-coded Credentials vulnerability in EcoStruxure™ IT Data Center Expert, and
• Deserialization of Untrusted Data vulnerability on Multiple Products.
Advisories
Siemens Advisory #1 - Siemens published an advisory that describes six vulnerabilities in their SICAM SIAPP SDK product.
Siemens Advisory #2 - Siemens published a bulletin about misconfiguration in Mendix Applications.
Weidmueller Advisory - CERT-VDE published an advisory that describes four vulnerabilities in the Weidmueller Energy Meter 750-XX.
Bulk Vendor Updates – Siemens
• Missing Server Certificate Validation in IAM Client,
• Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices,
• Missing Server Certificate Validation in Siemens Advanced Licensing (SALT) Toolkit,
• Data Validation Vulnerability in NX Before V2512,
• Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices,
• Multiple Vulnerabilities in SINEC Security Monitor before V4.9.0,
• DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery,
• Multiple Vulnerabilities in COMOS,
• Privilege Escalation Vulnerability in SINAMICS Drives, and
• Stored Cross-Site Scripting Vulnerability in SIMATIC S7-1500.
Updates
FortiGuard Update #1 - FortiGuard published an update for their OpenSSL advisory that was originally published on January 30th, 2026, and most recently updated on March 3rd, 2026.
FortiGuard Update #2 - FortiGuard published an update for their SSL-VPN Symlink advisory that was originally published on February 10th, 2026.
HP Update - HP published an update for their Intel NPU Driver advisory that was originally published February 25th, 2026.
Schneider Update #1 - Schneider published an update for their FlexNet Publisher advisory that was originally published on January 14th, 2025, and most recently updated on November 11th, 2025.
Schneider Update #2 - Schneider published an update for their ProLeiT Plant iT advisory that was originally published on January 13th, 2026.
Schneider Update #3 - Schneider published an update for their EcoStruxure Power Build Rapsody advisory that was originally published on January 13th, 2026.
VMware Update - Broadcom published an update for their Aria Operations advisory that was originally published on February 24th, 2026.
Exploits
Splunk Exploit - Indoushka published an exploit for a function call with incorrectly specified argument value vulnerability in the Splunk Enterprise product.
WatchGuard Exploit #1 - Indoushka published an exploit for a default SSH credentials vulnerability.
WatchGuard Exploit #2 - Indoushka published a Metasploit module for a privilege escalation vulnerability in the WatchGuard IKEv2.