Saturday, April 18, 2026

Review – Public ICS Disclosures – 4-11-26 – Part 1

This is a moderately busy disclosure week for Cyber Week. This week we have 32 bulk vendor disclosures from FortiGuard (11), HPE (5), Siemens (8), and Splunk (8). We have seven additional vendor disclosures from ABB, Eaton, Helmholz, HP (2), Meinberg, and OMRON.

Bulk Vendor Disclosures – FortiGuard  

• Arbitrary directory delete on vmimages delete feature 

• Credential disclosure in LDAP configuration web page 

• Heap-based buffer overflow in oftpd daemon 

• Missing Authentication for critical function in CAPWAP daemon 

• Multiple Stored XSS 

• OS Command Injection through API endpoint 

• Path Traversal in CLI 

• Path Traversal in CLI, 

• Reflected XSS in Operation Center 

• SQL Injection via JSON RPC API, and

• Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox. 

Bulk Vendor Disclosures – HPE  

• HPESBCR05043 rev.1 - HPE Cray Supercomputing EX Servers Using Intel Processors, INTEL-SA-01397, 2026.1 IPU, Intel Trust Domain Extensions (Intel TDX) module Advisory, Multiple Vulnerabilities, 

• HPESBHF05040 rev.1 - Certain HPE SimpliVity Servers Using Certain AMD EPYC Processors, AMD-SB-3016: IOMMU Write Buffer Vulnerability, Loss of Confidential Guest Integrity Vulnerability, 

• HPESBHF05036 rev.1 - Certain HPE ProLiant AMD DL/XL Servers Using Certain AMD EPYC Processors, AMD-SB-3016: IOMMU Write Buffer Vulnerability, Loss of Confidential Guest Integrity Vulnerability, 

• HPESBHF05035 rev.1 - Certain HPE ProLiant AMD Servers Using Certain AMD EPYC Processors, AMD-SB-3034: SEV-SNP Routing Misconfiguration, Local Compromise of System Integrity Vulnerability, and 

• HPESBHF05034 rev.1 - Certain HPE ProLiant AMD DL/XL Servers Using Certain AMD EPYC Processors, AMD-SB-7054: Incorrect use of LocateProtocol Service of the EFI_BOOT_Services table in SMI Handler, Local Arbitrary Code Execution Vulnerability.

Bulk Vendor Disclosures – Siemens  

• Improper Certificate Validation Vulnerability in Siemens Analytics Toolkit, 

• Authentication Bypass Vulnerability in SINEC NMS, 

• Privilege Escalation Vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager Primary Before V5.8, 

• Out of Bound Read Vulnerability in TPM 2.0, 

• Authorization Bypass Vulnerability in Industrial Edge Management, 

• Authorization Bypass Vulnerability in SINEC NMS Before V4.0 SP3,  

• Memory Corruption Vulnerability in RUGGEDCOM CROSSBOW Station Access Controller Before V5.8, and 

• Multiple Vulnerabilities in SCALANCE W-700 IEEE 802.11n Devices Before V6.6.0. 

Bulk Vendor Disclosures – Splunk  

• Third-Party Package Updates in Splunk Operator for Kubernetes Add-on - April 2026, 

• Sensitive Information Disclosure in '_internal' index in Splunk MCP Server app,

• Third-Party Package Updates in Splunk IT Service Intelligence (ITSI) - April 2026, 

• Third-Party Package Updates in Splunk Enterprise - April 2026, 

• Third-Party Package Updates in Splunk Universal Forwarder - April 2026,  

• Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise,  

• Improper Access Control in Data Model Acceleration in Splunk Enterprise, and 

• Improper Input Validation during User Account Creation in Splunk Enterprise. 

Advisories  

ABB Advisory - ABB published an advisory that discusses four vulnerabilities in their Ability Symphony Plus Engineering products. 

Eaton Advisory - Eaton published an advisory that describes five vulnerabilities in their Intelligent Power Protector (IPP) Software.

Helmholz Advisory - CERT-VDE published an advisory that discusses five vulnerabilities in the Helmholz myREX24V2/myREX24V2.virtual. 

HP Advisory #1 - HP published an advisory that describes a stack-based buffer overflow vulnerability in their DeskJet printers. 

HP Advisory #2 - HP published an advisory that describes an execution with unnecessary privileges vulnerability in their System Optimizer product. 

Meinberg Advisory - Meinberg published an advisory that discusses 19 vulnerabilities (six with publicly available exploits) in their LANTIME product. 

OMRON Advisory - JP-CERT published an advisory that describes an uncontrolled search path element vulnerability in the Omron Uninterruptible Power Supply.

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-4-11-26-part - subscription required. 
