Public ICS Disclosures – Week of 9-27-25 - Part 1

This week we have a moderately busy disclosure week. We have a bulk disclosure from Splunk (7) vendor disclosures from ABB. We also have eight other vendor disclosures from ABB, Cisco, Hitachi (3), Hitachi Energy (2), and HP.

Bulk Disclosure – Splunk

• Third Party Packages in Splunk Enterprise SVD-2025-1007,

• Splunk Enterprise server-side request forgery SVD-2025-1006,

• Splunk Enterprise multiple LDAP bind requests SVD-2025-1005,

• Splunk Enterprise XML external entity (XXE) injection SVD-2025-1004,

• Splunk Enterprise execution of unauthorized JavaScript code SVD-2025-1003,

• Splunk Enterprise execution of unauthorized JavaScript code SVD-2025-1002, and

• Splunk Enterprise exposing sensitive search results SVD-2025-1001

ABB Advisory

ABB published an advisory that describes a heap-based buffer overflow vulnerability in their Terra AC wallbox (JP) product. The vulnerability was reported by Ryo Kato. ABB has a new version that mitigates the vulnerability.

Cisco Advisory

Cisco published an advisory that discusses two cross-site scripting vulnerabilities in their Cyber Vision Center product. The vulnerabilities were reported by Joost Spanjerberg and Sjoerd de Haas of Schiphol. Cisco has new versions that mitigate the vulnerability.

Hitachi Advisories

Hitachi published an advisory that discusses 13 vulnerabilities in their Ops Center Common Services product. These are third-party vulnerabilities. Hitachi has new versions that mitigate the vulnerabilities.

The following listed vulnerability has publicly available exploits:

• Improper input validation - CVE-2025-24970 (exploit)

Hitachi published an advisory that discusses 18 vulnerabilities in multiple Hitachi products. These are third-party vulnerabilities. Hitachi has new versions that mitigate the vulnerabilities.

The following listed vulnerabilities have publicly available exploits:

• HTTP request/response smuggling - CVE-2024-27982 (exploit),

• Uncontrolled resource consumption - CVE-2024-47535 (contains POC code),

• Improper input validation - CVE-2025-24970 (exploit)

Hitachi published an advisory that discusses two vulnerabilities in multiple Hitachi products. These are third-party vulnerabilities. Hitachi has new versions that mitigate the vulnerability.

Hitachi Energy Advisories

Hitachi Energy published an advisory that describes an improper output neutralization for logs vulnerability in their Asset Suite product. Hitachi Energy recommends disabling performance logging feature.

Hitachi Energy published an advisory that describes three vulnerabilities in their MACH GWS product. Hitachi Energy has a new version that mitigates the vulnerabilities.

The three reported vulnerabilities are:

• Incorrect default permissions - CVE-2025-39201,

• Improper validation of integrity check value - CVE-2025-39203, and

• Improper certificate validation - CVE-2025-39205

HP Advisories

HP published an advisory that discusses nine vulnerabilities in multiple HP thin client PCs. These are third-party (AMD) vulnerabilities. HP has BIOS updates that mitigate the vulnerabilities.

The nine reported vulnerabilities are:

• Improper validation of specified index, position, or offset input vulnerability - CVE-2024-36342,

• Improper prevention of lock bit modification - CVE-2024-36354,

• Insufficient granularity of access control - CVE-2024-21947,

• Out-of-bounds write - CVE-2021-26383,

• Improper validation of array index - CVE-2024-21970,

• Not listed in NVD.NIST.gov - CVE-2023-20572,

• Integer overflow or wrap around (2) - CVE-2021-26377 and CVE-2021-46750, and

• Use of uninitialized variable - CVE-2023-31326, and

HP published an advisory that describes an improper input validation vulnerability in their Support Assistant product. The vulnerability was reported by Sheikh Rishad. HP has a new version that mitigates the vulnerability.