Saturday, March 7, 2026

CSB Added Woodland Pulp Incident to Active Investigations List

Yesterday the US Chemical Safety Board (CSB) updated their Current Investigations page to add their investigation into the January 27th, 2026 fatal release of hydrogen sulfide from the process sewer at the Woodland Pulp facility in Baileyville, ME. Initial reports indicated that the mixing of chemicals in the process sewer resulted in the formation of the hydrogen sulfide. One college intern was killed and nine other workers on the site were injured.

The Board had announced that it was beginning an investigation on February 9th, 2026.

This brings the number of open CSB investigations to eight.

Review – Public ICS Disclosures – Week of 2-28-26 – Part 1

This week we have bulk vendor disclosures from Broadcom (23). There are 12 additional vendor disclosures from Belden, Dell, Endress+Hauser, HP (2), HPE, Mettler Toledo, Philips, Sick, and WatchGuard (3). We also have 4 vendor updates from Broadcom (4).

Advisories

Belden Advisory - Belden published an advisory that discusses the BlastRadius.Fail vulnerability.

Dell Advisory - Dell published an advisory that discusses 86 vulnerabilities in their ThinOS product.

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses an out-of-bounds write vulnerability in the Endress+Hauser CC 100 and PFC 200 products.

HP Advisory #1 - HP published an advisory that describes an incorrect default permissions vulnerability in their Event Utility product.

HP Advisory #2 - HP published an advisory that describes a use of hard-coded cryptographic key vulnerability in their SIP Service Providers products.

HPE Advisory - HPE published an advisory that describes six vulnerabilities in their Aruba Networking Wireless Operating Systems.

Mettler Toledo Advisory - CERT-VDE published an advisory that discusses an HTTP request/response smuggling vulnerability (with publicly available exploit) in the Mettler Toledo LabX product.

Philips Advisory - Philips published an advisory that discusses two Cisco Secure Firewall Management Center vulnerabilities.

Sick Advisory - Sick published an advisory that describes two files or directories accessible to external parties vulnerabilities in their Lector85x and Lector83x products.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an expected behavior violation vulnerability in their Fireware OS products.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS Web UI products.

WatchGuard Advisory #3 - WatchGuard published an advisory that describes an out-of-bounds write vulnerability in their Fireware OS products.

Updates

Broadcom Update #1 - Broadcom published an update for their Fabric OS Web application advisory that was originally published on May 10th, 2021.

Broadcom Update #2 - Broadcom published an update for their Fabric OS advisory that was originally published on September 27th, 2024, and most recently updated on January 28th, 2026.

Broadcom Update #3 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 15th, 2024, and most recently updated on February 19th, 2026.

Broadcom Update #4 - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 8th, 2025, and most recently updated on February 19th, 2026.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-04b - subscription required.

Friday, March 6, 2026

Review – Bills Introduced – 3-5-26

Yesterday, with both the House and Senate in session, there were 89 bills introduced. One of those bills may receive additional coverage in this blog:

HR 7850 To amend title 17, United States Code, to provide for the diagnosis, maintenance, and repair of certain digital electronic agricultural equipment. Spartz, Victoria [Rep.-R-IN-5]

 

For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a bill mentioned in passing authorizing NOAA Weather Radio, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-5-26 - subscription required. 

Chemical Transportation Incidents – Week of 2-1-26

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 454 (405 highway, 46 air, 4 rail, 0 water)

• Serious incidents – 1 (0 Bulk release, 0 evacuation, 0 injury, 0 death, 0 major artery closed, 3 fire/explosion, 54 no release)

• Largest container involved – 28,420-gal DOT111A100W1 Railcar {Acetone} Vapor eduction valve partially open, line not capped.

• Largest amount spilled – 115-gal IBC {Flammable Liquids, Corrosive, N.O.S.} Forklift puncture.

• Total amount reported spilled in all incidents – 1311.9-gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Nitrous Oxide: Nitrous oxide is a colorless, sweet-tasting gas. It is also known as "laughing gas". Continued breathing of the vapors may impair the decision making process. It is noncombustible but it will accelerate the burning of combustible material in a fire. It is soluble in water. Its vapors are heavier than air. Exposure of the container to prolonged heat or fire can cause it to rupture violently and rocket. It is used as an anesthetic, in pressure packaging, and to manufacture other chemicals. (Source: CameoChemicals.NOAA.gov).

 



CISA Adds Hikvision Vulnerability to KEV Catalog – 3-5-26

Yesterday CISA announced that it had added an improper authentication vulnerability in multiple Hikvision IP cameras to the CISA Known Exploited Vulnerabilities (KEV) catalog. Hikvision reported the vulnerability in March 2017. ICS-CERT published an advisory for the vulnerability in May 2017. In January 2025 Fortinet published a report of attempts to exploit the vulnerability. In September 2025 the SANS Internet Storm Center published a report about attempts to exploit the vulnerability.

CISA ordered federal agencies using the affected equipment to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of March 26th, 2026 has been applied.

Interestingly, §889 of the 2019 National Defense Authorization Act (PL 115-232, 132 STAT. 1917) prohibited federal agencies from using ‘covered telecommunications equipment’ from Hikvision. So, this CISA directive may have very limited application within the federal government.

Thursday, March 5, 2026

CISA Adds Rockwell Vulnerability to KEV Catalog – 3-5-26

Today, CISA announced that it had added an insufficiently protected credentials vulnerability in multiple Rockwell Automation products to CISA’s Known Exploited Vulnerabilities Catalog. Rockwell previously disclosed the vulnerability in February 2021, and most recently updated that advisory in July 2022. Today, they updated their advisory to report the KEV designation. The vulnerability was originally reported to Rockwell by Claroty Team 82.

CISA has ordered federal agencies utilizing the affected product to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of March 26th, 2026 has been provided.

Review – 1 Advisory and 2 Updates Published – 3-5-26

Today CISA’s NCCIC-ICS published one control system security advisory for products from Delta Electronics. They also updated advisories for products from Johnson Controls and Universal Boot Loader.

Advisories

Delta Advisory - This advisory describes an out-of-bounds write vulnerability in the Delta CNCSoft-G2 devices.

Updates

Johnson Controls Update - This update provides additional information on the PowerG advisory that was originally published on December 16th, 2025.

U-Boot Update - This update provides additional information on the U-Boot advisory that was originally published on December 9th, 2025.

 

For more information on these advisories, including a down-the-rabbit-hole look at outdated operating systems, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-2-updates-published-e73 - subscription required.
 