Showing posts with label Splunk. Show all posts

Sunday, March 8, 2026

Review – Public ICS Disclosures – Week of 2-28-26 – Part 2

For Part 2 we have five additional vendor updates from FortiGuard (2), GE Vernova, HPE, and VMware. There are 12 researcher reports about vulnerabilities in products from Biosig Project (3), Honeywell, and Philips (8). Finally, we have six exploits for products from Honeywell, Splunk, WatchGuard, and Wireshark (3).

Updates

FortiGuard Update #1 - FortiGuard published an update for their OpenSSL advisory that was originally published on January 30th, 2026, and most recently updated on February 25th, 2026.

FortiGuard Update #2 - FortiGuard published an update for their SSL-VPN bookmarks advisory that was originally published on October 14th, 2025.

GE Vernova Update - GE published an update for their Universal Relay advisory that was originally published on December 14th, 2025.

HPE Update - HPE published an update for their Aruba Networking EdgeConnect SD-WAN Orchestrator advisory that was originally published on January 14th, 2026, and most recently updated on February 10th, 2026.

VMware Update - Broadcom published an update for the VMware Aria Operations advisory that was originally published on February 24th, 2026.

Researcher Reports

Biosig Reports - Cisco Talos published three reports about vulnerabilities in the Biosig Project libbiosig library.

Honeywell Report - Zero Science published a report that describes an improper authentication for critical function vulnerability (with publicly available exploit) in the Honeywell Trend IQ4 building controller.

Philips Reports - ZDI published eight reports of vulnerabilities in the Philips Hue Bridge product that were disclosed in a recent Pwn2Own contest.

Exploits

Honeywell Exploit - Indoushka published a Metasploit module for an improper authentication for critical function vulnerability in the Honeywell Trend IQ4 product.

Splunk Exploit - Indoushka published an exploit for a function call with incorrectly specified argument value vulnerability in the Splunk Enterprise product.

WatchGuard Exploit - WatchTowr published an exploit for an out-of-bounds write vulnerability in the WatchGuard Fireware OS product.

Wireshark Exploit #1 - Indoushka published an exploit for an allocation of resources without limits or throttling vulnerability in the Wireshark USB HID Protocol Dissector.

Wireshark Exploit #2 - Indoushka published an exploit for a buffer overread vulnerability in the Wireshark Dissector product.

Wireshark Exploit #3 - Indoushka published an exploit for a NULL pointer dereference vulnerability in the Wireshark Dissector product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-bb7 - subscription required.

Sunday, February 22, 2026

Review – Public ICS Disclosures – Week of 2-14-26 – Part 2

For Part 2 we have another set of bulk vendor disclosures from Splunk (11). We have three additional vendor disclosures from Broadcom and Supermicro (2). There are six vendor updates from Broadcom (2), HP (2), and HPE (2). There is also a researcher report on vulnerabilities in products from OpenCFD. Finally, we have two exploits for products from FortiGuard and Splunk.

Bulk Vendor Disclosures – Splunk

Third-Party Package Updates in Splunk DB Connect - February 2026,

Third-Party Package Updates in Splunk Enterprise - February 2026,

Third-Party Package Updates in Splunk Universal Forwarder - February 2026,

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,

Local Privilege Escalation in Splunk Enterprise for Windows through Python Module Search Path,

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,

Improper Access Control in Splunk Monitoring Console App,

Local Privilege Escalation (LPE) in Splunk Enterprise for Windows through DLL Search‑Order Hijacking,

Client-Side Denial of Service (DoS) through "/splunkd/raw/services/authentication/users/username" REST API endpoint in Splunk Enterprise,

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,

Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise,

Advisories

Broadcom Advisory - Broadcom published an advisory that discusses an improper use of invalid use of special elements vulnerability in Brocade ASC-Gateway OVA.

Supermicro Advisory #1 - Supermicro published an advisory that discusses 19 vulnerabilities in multiple Supermicro products.

Supermicro Advisory #2 - Supermicro published an advisory that discusses the end-of-life Microsoft Secure Boot CA 2011 that affects multiple Supermicro products.

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 7th, 2025, and most recently updated on January 27th, 2026.

Broadcom Update #2 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 14th, 2024, and most recently updated on July 8th, 2025.

HP Update #1 - HP published an update for their NVIDIA GPU Display Driver advisory that was originally published on September 25th, 2025, and most recently updated on December 11th, 2025.

HP Update #2 - HP published an update for their Intel Graphics Software advisory that was originally published on November 11th, 2025.

HPE Update #1 - HPE published an update for their StoreEasy Servers advisory that was originally published on February 11th, 2026.

HPE Update #2 - HPE published an update for their ProLiant AMD DL/XL Servers advisory that was originally published on February 10th, 2026.

Researcher Reports

OpenCFD Report - Cisco Talos published a report that describes a code injection vulnerability in the OpenCFD OpenFOAM simulation file.

Exploits

FortiGuard Exploit - Indoushka published an exploit for an exposure of sensitive information to an unauthorized actor vulnerability in the FortiGuard FortiOS product.

Splunk Exploit - Indoushka published an exploit for a code injection vulnerability in the Splunk Enterprise product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-8f7 - subscription required.

Sunday, February 1, 2026

Review – Public ICS Disclosures – Week of 1-24-26 – Part 2

For Part 2 we have six additional vendor disclosures from dormakaba (3), Splunk, and WatchGuard (2). We have bulk vendor updates from Broadcom (7). There are six additional vendor updates from HP, HPE (3), Palo Alto Networks, and VMware. We also have a researcher report on vulnerabilities in products from IDIS. Finally, we have an exploit for products from Advantech.

Advisories

Dormakaba Advisory #1 - Dormakaba published an advisory that describes 12 vulnerabilities in their Access Manager product.

Dormakaba Advisory #2 - Dormakaba published an advisory that describes seven vulnerabilities in their Kaba exos 9300 systems.

Dormakaba Advisory #3 - Dormakaba published an advisory that describes a debug messages revealing unnecessary information vulnerability in their Registration Unit 9002 Generation K5.

Splunk Advisory - Splunk published an advisory that discusses an improper handling of length parameter inconsistency vulnerability (with publicly available exploits, listed in CISA’s KEV catalog) in their Enterprise product.

WatchGuard Advisory #1 - WatchGuard published an advisory that discusses a privilege escalation vulnerability in their Mobile VPN with IPSec client for Windows.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes an LDAP injection vulnerability in their Fireware OS product.

Bulk Vendor Updates – Broadcom

Brocade Fabric OS (10.x and 9.2.x Releases) Vulnerability Disclosures,

OS command injection vulnerability in OpenSSH (CVE-2023-51385),

Brocade ASCG Vulnerability Disclosures,

Brocade SANnav Vulnerability Disclosures,

CVE-2023-31928 - XSS vulnerability in Brocade Webtools,

Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3, and

Linux Kernel Vulnerable to Dangling Pointer via Garbage Collector Racing Against Connect() in AF_UNIX Module.

Bulk Vendor Updates – Hitachi Energy

Cybersecurity Advisory - Reboot Vulnerability in Hitachi Energy Relion 670/650 and SAM600-IO series products,

Cybersecurity Advisory - Improper Input Validation Vulnerability in Hitachi Energy’s Relion® 670/650/SAM600-IO series Product,

Cybersecurity Advisory - OpenSSL Vulnerabilities in Hitachi Energy’s Relion® 670, 650, SAM600-IO series Product,

Cybersecurity Advisory - Update package validation Vulnerability in Hitachi Energy’s Relion® 670, 650 and SAM600-IO Series Products, and

Cybersecurity Advisory - IEC 61850 MMS-Server Vulnerability in Hitachi Energy’s Relion® 670, 650 series and SAM600-IO Products.

Updates

HP Update - HP published an update for their Intel Ethernet I219 Software advisory that was originally published on February 11th, 2025, and most recently updated on April 24th, 2025.

HPE Update #1 - HPE published an update for their OneView Software advisory that was originally published on December 17th, 2025, and most recently updated on December 26th, 2025.

HPE Update #2 - HPE published an update for their Aruba Networking Virtual Intranet Access advisory that was originally published on January 13th, 2026.

HPE Update #3 - HPE published an update for their Aruba Networking AOS-8 advisory that was originally published on January 13th, 2026.

Palo Alto Networks Update - PAN published an update for their GlobalProtect Gateway and Portal advisory that was originally published on January 14th, 2026, and most recently updated on January 16th, 2026.

VMware Update - Broadcom published an update for the VMware vCenter Server advisory that was originally published on June 17th, 2024.

Researcher Reports

IDIS Report - Claroty published a report that describes an argument injection vulnerability in the IDIS ICM Viewer.

Exploits

Advantech Exploit - Indoushka published an exploit for an SQL Injection vulnerability in the Advantech IoTSuite and IoT Edge products.

 

For more information about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-2c5 - subscription required.

Sunday, January 25, 2026

Review – Public ICS Disclosures – Week of 1-17-26

For Part 2 we have two additional vendor disclosures from Rockwell. There are also five vendor updates from ABB, FortiGuard, HPE, Siemens, and VMware. We have bulk researcher reports for products from MedDream (22). Finally, we have two exploits for products from Splunk.

Advisories

Rockwell Advisory #1 - Rockwell published an advisory that describes nine uncontrolled resource consumption vulnerabilities in their ArmorStart LT product.

Rockwell Advisory #2 - Rockwell published an advisory that describes a missing release of memory after effective lifetime vulnerability in their 1756-RM2(XT).

Updates

ABB Update - ABB published an update for their ABB 800xA Base advisory that was originally published on June 5th, 2024, and most recently updated on February 7th, 2025.

FortiGuard Update - FortiGuard published an update for their cw_acd daemon advisory that was originally published on January 13th, 2026.

HPE Update - HPE published an update for their Aruba Networking Access Points advisory that was originally published on August 3rd, 2024, and most recently updated on March 14th, 2025.

Siemens Update - Siemens published an update for their RUGGEDCOM APE1808 Devices advisory that was originally published on May 13th, 2025, and most recently updated on January 13th, 2026.

Bulk Researcher Reports – MedDream (22)

MedDream PACS Premium modifyUser reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium emailfailedjob reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyTranscript reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium downloadZip reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium downloadZip reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium autoPurge reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyAnonymize reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyEmail reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyCoercion reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyHL7Route reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium existingUser reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium ldapUser reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium notifynewstudy reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium encapsulatedDoc arbitrary file read vulnerability,

MedDream PACS Premium modifyRoute reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium encapsulatedDoc reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyHL7App reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium config.php multiple reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium fetchPriorStudies reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyAutopurgeFilter reflected cross-site scripting (XSS) vulnerability,

MedDream PACS Premium modifyAeTitle reflected cross-site scripting (XSS) vulnerability

NOTE: These Cisco Talos reports include proof-of-concept code.

Exploits

Splunk Exploit #1 - Alex Hordijk published a Metasploit module for a function call with an incorrectly specified argument value vulnerability in the Splunk Enterprise product.

Splunk Exploit #2 - Psytester published a Metasploit module for a code injection vulnerability in the Splunk Enterprise product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-aab - subscription required.

Sunday, December 7, 2025

Review – Public ICS Disclosures – Week of 11-29-25 – Part 2

For Part 2 we have 19 bulk disclosures from Splunk (10) and WatchGuard (9). We have two additional vendor disclosures from Wireshark. There are four vendor updates from Advantech, Moxa (2), and VMware. There are ten researcher reports on vulnerabilities in a product from Socomec. Finally, we have two exploits for products from Broadcom and PX4.

Bulk Disclosures

Bulk Disclosures – Splunk

SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool,

Third-Party Package Updates in Splunk Enterprise - December 2025,

Improper Input Validation in "label" column field in Splunk Secure Gateway App,

Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise,

Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade,

Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade,

Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise,

Unauthenticated Log Injection in Splunk Enterprise,

Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app, and

URL validation bypass through Views Dashboard in Splunk Enterprise

Bulk Disclosures – WatchGuard

WatchGuard Firebox Boot Time System Integrity Check Bypass,

WatchGuard Firebox XPath Injection Vulnerability in Web CGI,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration,

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration,

WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command,

WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration,

WatchGuard Firebox iked Memory Corruption Vulnerability,

WatchGuard Firebox Authenticated Out of Bounds Write in certd

Advisories

Wireshark Advisory #1 - Wireshark published an advisory that describes an infinite loop vulnerability (with publicly available exploit) in their MEGACO dissector.

Wireshark Advisory #2 - Wireshark published an advisory that describes an improperly controlled sequential memory allocation vulnerability (with publicly available exploit) in their HTTP3 dissector.

Updates

Advantech Update - Advantech published an update for their WISE-DeviceOn advisory that was originally published on November 18th, 2025.

Moxa Update #1 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on October 27th, 2025.

Moxa Update #2 - Moxa published an update for their Secure Routers advisory that was originally published on April 2nd, 2025, and most recently updated on October 27th, 2025.

VMware Update - Broadcom published an update for their vCenter Server advisory that was originally published on September 21st, 2021, and most recently updated on September 24th, 2021.

Researcher Reports

Socomec Reports - Cisco Talos published ten reports for 14 vulnerabilities in the Socomec DIRIS Digiware M-70.

Exploits

Broadcom Exploit - Laginimaineb published an exploit for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Broadcom BCM4355C0 Wi-Fi chips.

PX4 Exploit - Indoushka published an exploit for a stack-based buffer overflow vulnerability in the PX4 drone autopilot.


For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-2dc - subscription required.


Saturday, November 29, 2025

Review – Public ICS Disclosures – Week of 11-22-25 – Part 1

This week is a moderately busy disclosure week. For Part 1 we have 13 vendor disclosures from Carrier (3), Dassault Systems (2), Eaton, Hitachi, Janitza, Mitsubishi, Moxa (3), and Splunk.

Advisories

Carrier Advisory #1 - Carrier published an advisory that describes two vulnerabilities in multiple Carrier and Automated Logic products.

Carrier Advisory #2 - Carrier published an advisory that describes an improper validation of array index vulnerability in multiple Carrier and Automated Logic products.

Carrier Advisory #3 - Carrier published an advisory that describes an improper input validation vulnerability in Carrier and Automated Logic Zone Controllers.

Dassault Advisory #1 - Dassault published an advisory that describes a cross-site scripting vulnerability in their ENOVIA Product Manager.

Dassault Advisory #2 - Dassault published an advisory that describes a cross-site scripting vulnerability in their DELMIA Service Process Engineer product.

Eaton Advisory - Eaton published an advisory that describes a path traversal vulnerability in their Galileo Software.

Hitachi Advisory - Hitachi published an advisory that discusses three vulnerabilities in multiple Hitachi products.

Janitza Advisory - CERT-VDE published an advisory that describes an improper validation of specified type of input vulnerability in the Janitza UMG 96-PA and UMG 96-PA-MID products.

Mitsubishi Advisory - Mitsubishi published an advisory that describes a cleartext storage of sensitive information vulnerability in their GX Works2 product.

Moxa Advisory #1 - Moxa published an advisory that describes a clickjacking vulnerability in their ioLogik E1200 Series and E2200 Series products.

Moxa Advisory #2 - Moxa published an advisory that describes a password autocompletion vulnerability in their ioLogik E1200 Series and E2200 Series products.

Moxa Advisory #3 - Moxa published an advisory that describes a cleartext transmission of sensitive information vulnerability in their ioLogik E1200 Series and E2200 Series products.

Splunk Advisory #1 - Splunk published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Add-On for Palo Alto Networks.

Splunk Advisory #2 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploits) in their SOAR product.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-485 - subscription required.

Sunday, November 16, 2025

Review – Public ICS Disclosures – Week of 11-8-25 – Part 2

For Part 2 we have seven additional vendor disclosures from Rockwell, Schneider (2), Splunk (3), and Supermicro. We have a bulk update from Siemens (18). There are five additional vendor updates from Dell and Schneider (4). Finally, we have two researcher reports about vulnerabilities in products from Ilevia and QNAP.

Advisories

Rockwell Advisory - Rockwell published an advisory that describes a stack-based buffer overflow vulnerability in their Arena Simulation product.

Schneider Advisory #1 - Schneider published an advisory that describes three vulnerabilities in their PowerChute Serial Shutdown product.

Schneider Advisory #2 - Schneider published an advisory that discusses a use of broken or risky cryptographic algorithm vulnerability in their EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio products.

Splunk Advisory #1 - Splunk published an advisory that discusses a stack-based buffer overflow vulnerability in their Enterprise product.

Splunk Advisory #2 - Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise product.

Splunk Advisory #3 - Splunk published an advisory that describes an open redirect vulnerability in their Enterprise product.

Supermicro Advisory - Supermicro published an advisory that discusses a stale translation lookaside buffer (TLB) entry vulnerability in multiple Supermicro products.

Bulk Updates – Siemens

Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices,

Multiple Vulnerabilities in Fortigate NGFW Before V7.4.3 on RUGGEDCOM APE1808 Devices,

RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC, SICAM and Related Products,

Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices,

Weak Encryption Vulnerability in SIPROTEC 5 Devices,

Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module,

Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products,

Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices,

Accessible Development Shell via Physical Interface in SIPROTEC 5,

Multiple Web Server Vulnerabilities in SICAM GridEdge Before V2.6.6,

Denial of Service Vulnerability in SIPROTEC 5 Devices #1,

Denial of Service Vulnerability in SIPROTEC 5 Devices #2,

Client-Side Enforcement of Server-Side Security Vulnerabilities in RUGGEDCOM ROX II,

DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery,

Improper Access Control Vulnerability in SICAM GridEdge Before V2.7.3,

Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs, and

Improper Limitation of Filesystem Access through Web Server Vulnerability in SIPROTEC 5.

Updates

Dell Update - Dell published an update for their ThinOS 10 advisory that was originally published on October 21st, 2025.

Schneider Update #1 - Schneider published an update for their CODESYS Runtime advisory that was originally published on July 11th, 2023, and most recently updated on August 12th, 2025.

Schneider Update #2 - Schneider published an update for their Saitel DR advisory that was originally published on August 12th, 2025.

Schneider Update #3 - Schneider published an update for their EcoStruxure Power Monitoring Expert advisory that was originally published on August 12th, 2025, and most recently updated on October 14th, 2025.

Schneider Update #4 - Schneider published an update for their FlexNet Publisher advisory that was originally published on January 14th, 2025, and most recently updated on October 14th, 2025.

Researcher Reports

Ilevia Report - Zero Science published a report describing an OS command injection vulnerability (with publicly available exploit) in the Ilevia EVE X1 Server.

QNAP Report - VulnCheck reports that they have added an exposure of sensitive information to an unauthorized actor vulnerability in the QNAP Photo Station product to the VulnCheck KEV list.

 

For more information on these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-ddc - subscription required.

Saturday, October 4, 2025

Review – Public ICS Disclosures – Week of 9-27-25 - Part 1

This week we have a moderately busy disclosure week. We have a bulk disclosure from Splunk (7). We also have eight vendor disclosures from ABB, Cisco, Hitachi (3), Hitachi Energy (2), and HP.

Bulk Disclosure – Splunk

Third Party Packages in Splunk Enterprise SVD-2025-1007,

Splunk Enterprise server-side request forgery SVD-2025-1006,

Splunk Enterprise multiple LDAP bind requests SVD-2025-1005,

Splunk Enterprise XML external entity (XXE) injection SVD-2025-1004,

Splunk Enterprise execution of unauthorized JavaScript code SVD-2025-1003,

Splunk Enterprise execution of unauthorized JavaScript code SVD-2025-1002, and

Splunk Enterprise exposing sensitive search results SVD-2025-1001

Advisories

ABB Advisory - ABB published an advisory that describes a heap-based buffer overflow vulnerability in their Terra AC wallbox (JP) product.

Cisco Advisory - Cisco published an advisory that discusses two cross-site scripting vulnerabilities in their Cyber Vision Center product.

Hitachi Advisory #1 - Hitachi published an advisory that discusses 13 vulnerabilities (one with publicly available exploits) in their Ops Center Common Services product.

Hitachi Advisory #2 - Hitachi published an advisory that discusses 18 vulnerabilities (three with publicly available exploits) in multiple Hitachi products.

Hitachi Advisory #3 - Hitachi published an advisory that discusses two vulnerabilities in multiple Hitachi products.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes an improper output neutralization for logs vulnerability in their Asset Suite product.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes three vulnerabilities in their MACH GWS product.

HP Advisory #1 - HP published an advisory that discusses nine vulnerabilities in multiple HP thin client PCs.

HP Advisory #2 - HP published an advisory that describes an improper input validation vulnerability in their Support Assistant product.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-4bc - subscription required.

Saturday, August 9, 2025

Review – Public ICS Disclosures – Week of 8-2-25

We have a relatively light disclosure week. This week we have nine vendor disclosures from CODESYS (3), Dell, Draeger, Eaton, Hitachi, HPE, and Splunk. There are also seven vendor updates from HP (3), HPE, Mitsubishi, and Moxa (2). Finally, we have an exploit for products from Tigo.

Advisories

CODESYS Advisory #1 - CODESYS published an advisory that describes an incorrect default permissions vulnerability in their Control runtime systems.

CODESYS Advisory #2 - CODESYS published an advisory that describes a NULL pointer dereference vulnerability in their Control runtime system's CmpDevice component.

CODESYS Advisory #3 - CODESYS published an advisory that describes an incorrect permission assignment for critical resource vulnerability in their Control runtime system CmpOpenSSL component.

Dell Advisory - Dell published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their ThinOS products.

Draeger Advisory - Draeger published an advisory that describes a missing authorization vulnerability in their ICMHelper product.

Eaton Advisory - Eaton published an advisory that describes two vulnerabilities in their Rack PDU G4 product.

Hitachi Advisory - Hitachi published an advisory that discusses three vulnerabilities in their Cosminexus Developer's Kit.

HPE Advisory - HPE published an advisory that describes ten vulnerabilities in their Private Cloud AI.

Splunk Advisory #1 - Splunk published an advisory that discusses five vulnerabilities (two with publicly available exploits) in their AppDynamics Cluster Agent.

Splunk Advisory #2 - Splunk published an advisory that discusses 148 vulnerabilities in their On-premise Enterprise Console.

Updates

HP Update #1 - HP published an update for their Intel PROSet/Wireless WiFi advisory that was originally published on May 13th, 2025.

HP Update #2 - HP published an update for their AMD Graphics Driver advisory that was originally published on February 11th, 2025.

HP Update #3 - HP published an update for their Elan Fingerprint Sensor advisory that was originally published on April 10th, 2025.

HPE Update - HPE published an update for their SANnav Management Portal advisory that was originally published on July 8th, 2025.

Mitsubishi Update - Mitsubishi published an update for their GENESIS64 advisory that was originally published on May 15th, 2025.

Moxa Update #1 - Moxa published an update for their OnCell 3120-LTE-1 advisory that was originally published on September 4th, 2024.

Moxa Update #2 - Moxa published an update for their MGate MB3XXX advisory that was originally published on February 17th, 2022.

Exploits

Tigo Exploit - Byte Reaper published an exploit for a command injection vulnerability in the Tigo Cloud Connect Advanced products.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-d28 - subscription required.

Saturday, July 12, 2025

Review – Public ICS Disclosures – Week of 7-5-25 – Part 1

This is a heavy week (even for the monthly cyber disclosure week) for public ICS disclosures; I count over 90 separate disclosures. To make this a reasonable series of reports, I am going to try a new shortcut: where a vendor has more than 10 separate disclosures, I am going to list them in a “bulk disclosure” listing.

Bulk Disclosures

Broadcom published 15 separate advisories (including 2 updated advisories) for their Brocade products.

HPE published 21 separate advisories (including 1 updated advisory).

Schneider published 10 separate advisories (including 6 updated advisories).

Siemens published 20 separate advisories (including 17 updated advisories) that were not covered earlier this week by CISA.

Splunk published 12 separate advisories.

Normal Disclosures

Additionally, this week we have vendor disclosures from FortiGuard (5), Frauscher, HMS, and HP (2).

Advisories

FortiGuard Advisory #1 - FortiGuard published an advisory that describes an SQL injection vulnerability in multiple FortiGuard products.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes an improperly implemented security check for standard vulnerability in multiple FortiGuard products.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes a heap-based buffer overflow vulnerability in their FortiOS product.

FortiGuard Advisory #4 - FortiGuard published an advisory that describes a missing critical step in authentication vulnerability in their FortiOS and FortiProxy products.

FortiGuard Advisory #5 - FortiGuard published an advisory that describes an insufficient session expiration vulnerability in their FortiIsolator and FortiSandbox products.

Frauscher Advisory - CERT-VDE published an advisory that describes two OS command injection vulnerabilities in the Frauscher FDS products.

HMS Advisory - HMS published an advisory that announces that new firmware versions are available for multiple HMS products that conform to the new cybersecurity requirements found in the Radio Equipment Directive 2025.

HP Advisory #1 - HP published an advisory that discusses two transient execution vulnerabilities in multiple HP products.

HP Advisory #2 - HP published an advisory that describes an improper privilege management vulnerability in their Support Assistant product.


For more information on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-9c5 - subscription required.

Sunday, June 29, 2025

Review – Public ICS Disclosures – Week of 6-21-25 – Part 2

For Part 2 we have six additional vendor disclosures from MB Connect, Splunk (4), and Westermo. There are four vendor updates from Hitachi Energy, MB Connect, and Palo Alto Networks (2). Finally, we have two exploits for vulnerabilities in products from Faydam and PX4.

Advisories

MB Connect Advisory - MB Connect published an advisory that describes a missing authentication for critical function vulnerability in their mymbCONNECT24 product.

Splunk Advisory #1 - Splunk published an advisory that discusses seven vulnerabilities in their AppDynamics Smart Agent.

Splunk Advisory #2 - Splunk published an advisory that discusses three vulnerabilities (one on CISA’s Known Exploited Vulnerabilities (KEV) catalog) in their Operator for Kubernetes.

Splunk Advisory #3 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their UniversalForwarder Docker product.

Splunk Advisory #4 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their Splunk Docker product.

Westermo Advisory - Westermo published an advisory that discusses the Misfortune Cookies vulnerabilities in their EDW-100 and EDW-120 serial to Ethernet converters.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their Intel Chipset Software advisory that was originally published on February 25th, 2025.

MB Connect Update - MB Connect published an update for their mymbCONNECT24 advisory that was originally published on December 19th, 2024, and most recently updated on May 22nd, 2025.

Palo Alto Networks Update #1 - PAN published an update for their GlobalProtect advisory that was originally published on June 11th, 2025.

Palo Alto Networks Update #2 - PAN published an update for their Command Injection Vulnerability advisory that was originally published on June 11th, 2025.

Exploits

Faydam Exploit - Serhat Aydın published an exploit for an SQL injection vulnerability in the Faydam Datalogger.

PX4 Exploit - Mohammed Idrees Banyamer published an exploit for a stack-based buffer overflow vulnerability in the PX4 open-source drone autopilot.

Sunday, June 15, 2025

Review – Public ICS Disclosures – Week of 6-7-25 – Part 2

This week for Part 2 we have 17 additional vendor disclosures from Moxa, Palo Alto Networks (7), Schneider (3), Siemens, Splunk (2), Supermicro (2), and Weidmueller. Part 3 is scheduled for Tuesday.

Advisories

Moxa Advisory - Moxa published an advisory that describes an improper validation of specified type of input vulnerability in their PT-G7728 & PT-G7828 switches.

PAN Advisory #1 - Palo Alto Networks published an advisory that discusses 11 vulnerabilities in their Prisma Access Browser.

PAN Advisory #2 - Palo Alto Networks published an advisory that describes an improper neutralization of wild cards or matching symbols vulnerability in their GlobalProtect product.

PAN Advisory #3 - Palo Alto Networks published an advisory that describes a command injection vulnerability in their PAN-OS, Cloud NGFW, and Prisma Access products.

PAN Advisory #4 - Palo Alto Networks published an advisory that describes an OS command injection vulnerability in their PAN-OS, Cloud NGFW, and Prisma Access products.

PAN Advisory #5 - Palo Alto Networks published an advisory that describes an exposure of sensitive information to an unauthorized control sphere vulnerability in their PAN-OS, Cloud NGFW, and Prisma Access products.

PAN Advisory #6 - Palo Alto Networks published an advisory that describes an incorrect privilege assignment vulnerability in their Cortex XDR Broker VM.

PAN Advisory #7 - Palo Alto Networks published an advisory that describes a clear-text transmission of sensitive information vulnerability in their GlobalProtect App.

Schneider Advisory #1 - Schneider published an advisory that discusses multiple vulnerabilities in their Insight Home and Insight Facility products.

Schneider Advisory #2 - Schneider published an advisory that describes six vulnerabilities in their Modicon Controllers.

Schneider Advisory #3 - Schneider published an advisory that describes four vulnerabilities in their EVLink WallBox.

Siemens Advisory - Siemens published an advisory that describes a zip path traversal vulnerability in their module installation process of Studio Pro product.

Splunk Advisory #1 - Splunk published an advisory that discusses six vulnerabilities (two with publicly available exploits) in their Machine Learning Toolkit (MLTK).

Splunk Advisory #2 - Splunk published an advisory that discusses multiple vulnerabilities in their Python for Scientific Computing product; only two of the vulnerabilities are listed by CVE number.

Supermicro Advisory #1 - Supermicro published an advisory that discusses an out-of-bounds read vulnerability in multiple Supermicro products.

Supermicro Advisory #2 - Supermicro published an advisory that discusses an improper access control for register intake vulnerability in multiple Supermicro products.

Weidmueller Advisory - CERT-VDE published an advisory that describes three vulnerabilities (with publicly available exploits) in the Weidmueller IE-SR-2TX security routers.


For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-b27 - subscription required.

Sunday, May 4, 2025

Review – Public ICS Disclosures – Week of 4-26-25 – Part 2

For Part 2 this week we have three additional vendor disclosures from Splunk, Western Digital, and Wiesemann and Theis. There are also two vendor updates from Hitachi Energy and Palo Alto Networks. We also have nine researcher reports about vulnerabilities in products from Daikin, HP Wolf, Tesla (6), and SonicWall.

Advisories

Splunk Advisory - Splunk published an advisory that discusses 13+ vulnerabilities (six with publicly available exploits) in their User Behavior Analytics product.

Western Digital Advisory - Western Digital published an advisory that discusses 12 vulnerabilities (six with publicly available exploits) in their My Cloud devices.

Wiesemann Advisory - CERT-VDE published an advisory that describes the use of a broken or risky cryptographic algorithm vulnerability in the Wiesemann and Theis Com-Server products.

Updates

Hitachi Energy Update - Hitachi Energy published an update that provides additional information on their RTU500 series advisory that was originally published on March 25th, 2025.

Palo Alto Networks Update - Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on April 9th, 2025, and most recently updated on April 21st, 2025.

Researcher Reports

Daikin Report - Zero Science published a report that describes an insecure direct object reference vulnerability in the Daikin Security Gateway.

HP Wolf Report - SEC Consult published a report that describes a CSRF vulnerability in the HP Wolf Security Controller, as well as multiple misconfiguration issues.

Tesla Reports - ZDI published six reports about individual vulnerabilities in the Tesla Model S.

SonicWall Report - BishopFox published a report that describes a denial of service vulnerability in the SonicWall Sonic OS product.


For more information on these disclosures, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-d05 - subscription required.

Sunday, April 13, 2025

Review – Public ICS Disclosures – Week of 4-5-25 – Part 2

For Part 2 this week we have 23 additional vendor disclosures from Panasonic, Philips (2), Schneider (2), Siemens (3), and Splunk (15).

Advisories

Panasonic Advisory - Panasonic published a release note that reports a fix for a missing protection mechanism for alternate hardware interface vulnerability in their Wi-Fi based IR Blaster.

Philips Advisory #1 - Philips published an advisory that describes three vulnerabilities in their Philips IntelliSpace Portal and Advanced Visualization Workspace products.

Philips Advisory #2 - Philips published an advisory that discusses a CrushFTP authentication bypass vulnerability.

Schneider Advisory #1 - Schneider published an advisory that describes two vulnerabilities in their ConneXium Network Manager software.

Schneider Advisory #2 - Schneider published an advisory that describes three vulnerabilities in their Trio Q Licensed Data Radios.

Siemens Advisory #1 - Siemens published an advisory that describes an observable response discrepancy vulnerability in their Mendix Runtime product.

Siemens Advisory #2 - Siemens published an advisory that describes a weak authentication vulnerability in their Industrial Edge Device Kit.

Siemens Advisory #3 - Siemens published an advisory that describes an uncontrolled resource consumption vulnerability in their ICMP service in Industrial Devices.

Splunk Advisory #1 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit code) in their Connect for Syslog product.

Splunk Advisory #2 - Splunk published an advisory that discusses an injection vulnerability in their SDK for JavaScript.

Splunk Advisory #3 - Splunk published an advisory that discusses multiple vulnerabilities in their Juniper SRX App. These are third-party (Libxml2) vulnerabilities.

Splunk Advisory #4 - Splunk published an advisory that discusses multiple vulnerabilities in their Microsoft SQL Server App.

Splunk Advisory #5 - Splunk published an advisory that discusses multiple vulnerabilities in their Microsoft Azure SQL App.

Splunk Advisory #6 - Splunk published an advisory that discusses multiple vulnerabilities in their Kafka App.

Splunk Advisory #7 - Splunk published an advisory that discusses multiple vulnerabilities in their Snowflake App.

Splunk Advisory #8 - Splunk published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their NetWitness Logs and Packets App.

Splunk Advisory #9 - Splunk published an advisory that discusses an insufficient verification of data authenticity vulnerability in their Symantec Endpoint Protection 14 App.

Splunk Advisory #10 - Splunk published an advisory that discusses multiple vulnerabilities (one with publicly available exploit) in their Symantec Data Loss Prevention App.

Splunk Advisory #11 - Splunk published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their ProtectWise App.

Splunk Advisory #12 - Splunk published an advisory that discusses multiple vulnerabilities (one with publicly available exploit) in their PostgreSQL App.

Splunk Advisory #13 - Splunk published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their PagerDuty App.

Splunk Advisory #14 - Splunk published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their FireAMP App.

Splunk Advisory #15 - Splunk published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their Fidelis Network App.


For more information on these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-dd3 - subscription required.

Sunday, April 6, 2025

Review – Public ICS Disclosures – Week of 3-29-25 – Part 2

For Part 2 we have five additional vendor disclosures from Moxa (2), Splunk (2), and VMware. We also have three vendor updates from FortiGuard, HP, and Palo Alto Networks. There are eight researcher reports for vulnerabilities in products from STMicroelectronics (4) and BEC Technologies (4). Finally, we have five exploits for products from Broadcom, Microchip (2), Palo Alto Networks, and Splunk.

Advisories

Moxa Advisory #1 - Moxa published an advisory that describes an OS command injection vulnerability in their Secure Routers, Cellular Routers, and Network Security Appliances.

Moxa Advisory #2 - Moxa has new firmware versions for most of the affected products.

Splunk Advisory #1 - Splunk published an advisory that discusses three vulnerabilities in their UniversalForwarder Docker product.

Splunk Advisory #2 - Splunk published an advisory that discusses three vulnerabilities in their Splunk Docker product.

VMware Advisory - Broadcom published an advisory that describes an improper privilege management vulnerability in the VMware Aria Operations product.

Updates

FortiGuard Update - FortiGuard published an update for their Authentication bypass in Node.js advisory that was originally published on January 14th, 2025, and most recently updated on February 11th, 2025.

HP Update - HP published an update for their Intel 2024.3 IPU – Chipset advisory that was originally published on October 24th, 2024.

Palo Alto Networks Update - Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on March 12th, 2025, and most recently updated on March 13th, 2025.

Researcher Reports

STMicroelectronics Reports - Cisco Talos published four reports (including proof-of-concept code) about seven vulnerabilities in the STMicroelectronics X-CUBE-AZRTOS-F7 product.

BEC Technologies Reports - ZDI published four reports about individual vulnerabilities in the BEC Technologies Routers. ZDI reported the vulnerabilities to the vendor but has received no response.

Exploits

Broadcom Exploit - Pierre Kim published an exploit for ten vulnerabilities in the Broadcom Brocade Fabric OS.

Microchip Exploit #1 - Antonio Carriero (et al) published an exploit for an OS command injection vulnerability in the Microchip TimeProvider 4100 Grandmaster product.

Microchip Exploit #2 - Antonio Carriero (et al) published an exploit for a cross-site scripting vulnerability in the Microchip TimeProvider 4100 Grandmaster product.

Palo Alto Networks Exploit - Pierre Kim published an exploit for three deep packet inspection vulnerabilities in the Palo Alto Networks firewalls.

Splunk Exploit - Gunzf0x published an exploit for a path traversal vulnerability in the Splunk Enterprise on Windows product.


For more information on these disclosures, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-9a7 - subscription required.
