Public ICS Disclosures – Week of 4-26-25 – Part 2
For Part 2 this week we have three additional vendor disclosures from Splunk, Western Digital, and Wiesemann and Theis. There are also two vendor updates from Hitachi Energy and Palo Alto Networks. We also have nine researcher reports about vulnerabilities in products from Daikin, HP Wolf, Tesla (6), and SonicWall.
Splunk Advisory
Splunk published an advisory that discusses 13+ vulnerabilities (six with publicly available exploits) in their User Behavior Analytics product. These are third-party vulnerabilities. Splunk has a new version that mitigates the vulnerabilities.
The following reported vulnerabilities have publicly available exploits:
Uncontrolled resource consumption - CVE-2024-3651 (exploit),
CRLF injection - CVE-2019-11236 (contains proof-of-concept code),
Inefficient regular expression complexity - CVE-2022-40897 (contains POC code),
Improper input validation - CVE-2022-40898 (contains POC code),
Incorrect resource transfer between spheres - CVE-2024-37891 (POC video), and
Code injection - CVE-2024-6345 (exploit).
NOTE: The advisory lists three additional vendors as contributing ‘multiple vulnerabilities’ without listing the CVE numbers. So there may be additional vulnerabilities with publicly available exploits.
Western Digital Advisory
Western Digital published an advisory that discusses 12 vulnerabilities (six with publicly available exploits) in their My Cloud devices. These are third-party vulnerabilities. Western has new versions that mitigate the vulnerabilities.
The following reported vulnerabilities have publicly available exploits:
Mishandling leading zero characters - CVE-2021-29921 (exploit),
Command injection - CVE-2015-20107 (contains POC code),
Inefficient algorithmic complexity - CVE-2022-45061 (contains POC code),
Improper input validation - CVE-2023-24329 (exploit),
Infinite loop - CVE-2021-3737 (contains POC code), and
Injection - CVE-2022-0391 (contains POC code).
Wiesemann Advisory
CERT-VDE published an advisory that describes the use of a broken or risky cryptographic algorithm vulnerability in the Wiesemann and Theis Com-Server products. Wiesemann has a new version that mitigates the vulnerability.
NOTE: This probably should be listed as multiple vulnerabilities (many with known exploits) because Wiesemann was still using TLS 1.0 and 1.1. Simply listing it as CWE-327 is hiding multiple sins.
Hitachi Energy Update
Hitachi Energy published an update that provides additional information on their RTU500 series advisory that was originally published on March 25th, 2025. The new information includes updating Recommended Action with fixed version 13.7.6.
Palo Alto Networks Update
Palo Alto Networks published an update for their GlobalProtect App advisory that was originally published on April 9th, 2025, and most recently updated on April 21st, 2025. The new information includes updating the fix version for 6.2.7 and 6.3.3.
Daikin Report
Zero Science published a report that describes an insecure direct object reference vulnerability in the Daikin Security Gateway. The vulnerability was reported to the vendor, but no response was received. An exploit has been published for the vulnerability.
HP Wolf Report
SEC Consult published a report that describes a CSRF vulnerability in the HP Wolf Security Controller, as well as multiple misconfiguration issues. This is a coordinated disclosure, with HP Wolf treating all of the reported issues as misconfiguration issues with no fix planned.
Tesla Reports
ZDI published six reports about individual vulnerabilities in the Tesla Model S. The vulnerabilities were reported in a recent Pwn2Own competition. Tesla has a new version that mitigates the vulnerabilities.
The six reported vulnerabilities are:
Integer overflow or wrap around - CVE-2025-2082,
OS command injection - CVE-2024-6032,
Execution with unnecessary privilege - CVE-2024-6030,
Improper input validation - CVE-2024-13943,
Heap-based buffer overflow - CVE-2024-6031, and
TOCTOU race condition - CVE-2024-6029.
SonicWall Report
Bishop Fox published a report that describes a denial of service vulnerability in the SonicWall SonicOS product. The vulnerability was previously disclosed by SonicWall.