Showing posts with label PX4. Show all posts

Sunday, December 7, 2025

Review – Public ICS Disclosures – Week of 11-29-25 – Part 2

For Part 2 we have 19 bulk disclosures from Splunk (10) and WatchGuard (9). We have two additional vendor disclosures from Wireshark. There are four vendor updates from Advantech, Moxa (2), and VMware. There are ten researcher reports on vulnerabilities in a product from Socomec. Finally, we have two exploits for products from Broadcom and PX4.

Bulk Disclosures

Bulk Disclosures – Splunk

SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool,

Third-Party Package Updates in Splunk Enterprise - December 2025,

Improper Input Validation in "label" column field in Splunk Secure Gateway App,

Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise,

Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade,

Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade,

Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise,

Unauthenticated Log Injection in Splunk Enterprise,

Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app, and

URL validation bypass through Views Dashboard in Splunk Enterprise

Bulk Disclosures – WatchGuard

WatchGuard Firebox Boot Time System Integrity Check Bypass,

WatchGuard Firebox XPath Injection Vulnerability in Web CGI,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration,

WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command,

WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration,

WatchGuard Firebox iked Memory Corruption Vulnerability,

WatchGuard Firebox Authenticated Out of Bounds Write in certd,

Advisories

Wireshark Advisory #1 - Wireshark published an advisory that describes an infinite loop vulnerability (with publicly available exploit) in their MEGACO dissector.

Wireshark Advisory #2 - Wireshark published an advisory that describes an improperly controlled sequential memory allocation vulnerability (with publicly available exploit) in their HTTP3 dissector.

Updates

Advantech Update - Advantech published an update for their WISE-DeviceOn advisory that was originally published on November 18th, 2025.

Moxa Update #1 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on October 27th, 2025.

Moxa Update #2 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on October 27th, 2025.

VMware Update - Broadcom published an update for their vCenter Server advisory that was originally published on September 21st, 2021, and most recently updated on September 24th, 2021.

Researcher Reports

Socomec Reports - Cisco Talos published ten reports for 14 vulnerabilities in the Socomec DIRIS Digiware M-70.

Exploits

Broadcom Exploit - Laginimaineb published an exploit for an improper restriction of operations within the bounds of a memory buffer in the Broadcom BCM4355C0 Wi-Fi chips.

PX4 Exploit - Indoushka published an exploit for a stack-based buffer overflow vulnerability in the PX4 drone autopilot.


For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-2dc - subscription required.


Sunday, June 29, 2025

Review – Public ICS Disclosures – Week of 6-21-25 – Part 2

For Part 2 we have six additional vendor disclosures from MB Connect, Splunk (4), and Westermo. There are four vendor updates from Hitachi Energy, MB Connect, and Palo Alto Networks (2). Finally, we have two exploits for vulnerabilities in products from Faydam and PX4.

Advisories

MB Connect Advisory - MB Connect published an advisory that describes a missing authentication for critical function vulnerability in their mymbCONNECT24 product.

Splunk Advisory #1 - Splunk published an advisory that discusses seven vulnerabilities in their AppDynamics Smart Agent.

Splunk Advisory #2 - Splunk published an advisory that discusses three vulnerabilities {one on CISA’s Known Exploited Vulnerabilities (KEV) catalog} in their Operator for Kubernetes.

Splunk Advisory #3 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their UniversalForwarder Docker product.

Splunk Advisory #4 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their Splunk Docker product.

Westermo Advisory - Westermo published an advisory that discusses the Misfortune Cookies vulnerabilities in their EDW-100 and EDW-120 serial-to-Ethernet converters.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their Intel Chipset Software advisory that was originally published on February 25th, 2025.

MB Connect Update - MB Connect published an update for their mymbCONNECT24 advisory that was originally published on December 19th, 2024, and most recently updated on May 22nd, 2025.

Palo Alto Networks Update #1 - PAN published an update for their GlobalProtect advisory that was originally published on June 11th, 2025.

Palo Alto Networks Update #2 - PAN published an update for their Command Injection Vulnerability advisory that was originally published on June 11th, 2025.

Exploits

Faydam Exploit - Serhat Aydın published an exploit for an SQL injection vulnerability in the Faydam Datalogger.

PX4 Exploit - Mohammed Idrees Banyamer published an exploit for a stack-based buffer overflow vulnerability in the PX4 open-source drone autopilot.

 