Sunday, March 29, 2026

Review – Public ICS Disclosures – Week of 3-21-26 – Part 2

For Part 2 we have nine additional vendor disclosures from Siemens, Supermicro, TP-Link (4), WatchGuard (2), and Yokogawa. Finally, we have a vendor update from FortiGuard.

Advisories

Siemens Advisory - Siemens published an advisory that describes two vulnerabilities in their SICAM 8 products.

Supermicro Advisory - Supermicro published an advisory that discusses nine vulnerabilities in multiple Supermicro product lines.

TP-Link Advisory #1 - TP-Link published an advisory that describes a clear-text storage of sensitive information vulnerability in their TL-WR850N wireless router.

TP-Link Advisory #2 - TP-Link published an advisory that describes an out-of-bounds read vulnerability in their TL-WR841N wireless router.

TP-Link Advisory #3 - TP-Link published an advisory that describes an improper input validation vulnerability in their TD-W8961N wireless modem-router.

TP-Link Advisory #4 - TP-Link published an advisory that describes four vulnerabilities in their Archer NX series gigabit wireless routers.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes a deserialization of untrusted data vulnerability in their Fireware OS products.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a cross-site request forgery vulnerability in their Fireware OS WebUI.

Yokogawa Advisory - Yokogawa published an advisory that describes a use of hard-coded password vulnerability in their CENTUM VP products.

Updates

FortiGuard Update - FortiGuard published an update for their vmimages update feature advisory that was originally published on March 10th, 2026.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-a57 - subscription required.

Saturday, March 28, 2026

House Reamended and Repassed HR 7147 – FY 2026 DHS Spending

Friday, after receiving the amended version of HR 7147, the FY 2026 DHS spending bill, from the Senate, the House took up H Res 1142 - Providing for disposition of the Senate amendment to the bill (H.R. 7147) making further consolidated appropriations for the fiscal year ending September 30, 2026, and for other purposes. That resolution was very short:

“Resolved, That upon adoption of this resolution, the House shall be considered to have taken from the Speaker's table the bill (H.R. 7147) making further consolidated appropriations for the fiscal year ending September 30, 2026, and for other purposes, with the Senate amendment thereto, and to have concurred in the Senate amendment with an amendment consisting of the text of Rules Committee Print 119–21.”

The resulting House-amended version of HR 7147 would extend the lapsed continuing resolution (PL 119-37) through May 22nd, 2026.

After almost two hours of debate the House approved H Res 1142 by a near party-line vote of 213 to 203. Three Democrats and one Independent voted with the Republicans on the resolution. The further amended version of HR 7147 now goes back to the Senate.

The Senate is not scheduled to return to Washington until April 13th, 2026. In my opinion, there is not much chance that the Senate will agree to the House amendment. It will be interesting to see if they ask the House to go to conference on the bill.

Chemical Incident Reporting – Week of 3-21-26

NOTE: See here for series background.

Beachwood, OH – 3-19-26

Local News Report: Here and here.

There was a medical clinic that was evacuated due to an unidentified odor. Oxygen levels tested as low. While some workers felt ill, there were no hospitalizations reported.

Not CSB reportable.

Port Arthur, TX – 3-23-26

Local News Report: Here, here, and here.

There was an explosion and fire at an oil refinery. A shelter-in-place order was issued for nearby residents. No injuries or fatalities were reported.

Possible CSB reportable.

Berlin, NJ – 3-26-26

Local News Report: Here, here, and here.

There was a gas pipeline leak that caused a highway closure. No fires, injuries, or deaths were reported.

Not CSB reportable, transportation incident.

Spartanburg, SC – 3-26-26

Local News Report: Here and here.

There was a rail car pressurization event at a chemical manufacturing facility. Flaring was used to relieve the excessive pressure in the rail car. No injuries were reported.

Not CSB reportable.

HR 7147 Amended and Passed in Senate – FY 2026 DHS Spending

Late Thursday night (actually 2:17 am Friday) the Senate bypassed all of the previous attempts to close debate on proceeding to consideration of HR 7147, the FY 2026 DHS spending bill, and began consideration of the bill (pg S1660) under unanimous consent. The Senate took up Thune amendment SA 4790, which was substitute language that removed the section dealing with Immigration and Customs Enforcement (ICE), thus removing funding for that agency from the bill. The amended language and then the amended bill were then adopted by voice vote. Of course, ICE has continued functioning and paying their personnel during the DHS shutdown from monies authorized by the “Big Beautiful Bill”.

Passed by ‘voice vote’ is normally an indication of broad, bipartisan support, as would the consideration of the measure under unanimous consent. But, this bill was ‘considered’ late at night and reporting by Andrew Desiderio of Punchbowl.news noted that there were only five Senators present on the Senate floor when the vote was cast; Sen Thune (R,SD), Sen Schmidt (R,MO), Sen Moreno (R,OH; presiding), Sen Schatz (D,HI), and Sen Kim (D,NJ). So, while there was technically bipartisan support for the measure, there are legitimate questions about how widespread that support extended in both parties.

More on subsequent action in the House in a separate post.

Review – Public ICS Disclosures – Week of 3-21-26 – Part 1

This week was a relatively light disclosure week. We have eleven vendor disclosures from ABB, CODESYS (2), Helmholz, Hitachi (2), HP, HPE, MB Connect, Mitsubishi, and Philips.

 

Advisories

 

ABB Advisory - ABB published an advisory that discusses 25 vulnerabilities in their Ability Camera Connect product.

CODESYS Advisory #1 - CODESYS published an advisory that describes the use of an externally-controlled format string vulnerability in their Control and Runtime Toolkit products.

CODESYS Advisory #2 - CODESYS published an advisory that describes an incorrect resource transfer between spheres vulnerability in their Control runtime system.

Helmholz Advisory - CERT-VDE published an advisory that describes two vulnerabilities in the Helmholz myREX24V2 products.

Hitachi Advisory #1 - Hitachi published an advisory that describes a cross-site scripting vulnerability in their Infrastructure Analytics Advisor and Ops Center Analyzer products.

Hitachi Advisory #2 - Hitachi published an advisory that describes an open redirect vulnerability in their Ops Center Administrator product.

HP Advisory - HP published an advisory that discusses an out-of-bounds write vulnerability in their consumer notebook PCs.

HPE Advisory - HPE published an advisory that discusses three vulnerabilities (two with publicly available exploits) in their Telco Service Orchestrator product.

MB Connect Advisory - MB Connect published an advisory that describes two vulnerabilities in their mbCONNECT24 products.

Mitsubishi Advisory - Mitsubishi published an advisory that discusses a heap-based buffer overflow vulnerability in multiple Mitsubishi HVAC products.

Philips Advisory - Philips published an advisory that discusses a known Oracle missing authentication for critical function vulnerability.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-4d6 - subscription required.

Friday, March 27, 2026

Short Takes – 3-27-26 – Federal Register Edition

Perchloroethylene (PCE) and Carbon Tetrachloride (CTC); Regulation Under the Toxic Substances Control Act (TSCA); Compliance Date Extensions. Federal Register EPA notice of proposed rulemaking. Summary: “The Environmental Protection Agency (EPA or Agency) is proposing to extend certain compliance dates applicable to certain entities subject to the regulation of perchloroethylene (PCE) and carbon tetrachloride (CTC) under the Toxic Substances Control Act (TSCA). EPA is proposing to extend certain Workplace Chemical Protection Program (WCPP) compliance dates for non-federal owners and operators to match the compliance dates for federal agencies and their contractors. For both PCE and CTC, this proposal would extend the compliance date for initial monitoring for inhalation exposure to June 21, 2027, and extend the compliance date to meet the existing chemical exposure limit (ECEL), establish a regulated area, provide any required respiratory personal protective equipment (PPE), and establish a respiratory PPE program to September 20, 2027. For PCE, EPA is also proposing to extend the compliance date for non-federal entities to establish and implement an exposure control plan to December 20, 2027.”

Continuation of the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities. Federal Register Office of the President continuation of national emergency notice. Summary: “These significant malicious cyber-enabled activities continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. For this reason, the national emergency declared in Executive Order 13694, and with respect to which additional steps were taken in Executive Order 13757, Executive Order 13984, Executive Order 14110 (revoked by Executive Order 14148), Executive Order 14144, and Executive Order 14306, must continue in effect beyond April 1, 2026. Therefore, in accordance with section 202(d) of the National Emergencies Act (50 U.S.C. 1622(d)), I am continuing for 1 year the national emergency declared in Executive Order 13694.”

DOT Technical Assistance PRA. Federal Register DOT/OS 60-day ICR renewal notice.

EO 14397 - Further Continuance of the Federal Emergency Management Agency Review Council. Federal Register.

Review – Bills Introduced – 3-26-26

Yesterday, with both the House and Senate in session and the Senate preparing to leave for their two-week Easter holiday, there were 121 bills introduced. One of those bills may receive additional coverage in this blog:

HR 8110 To establish a grant program within the Department of Labor to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity. Lee, Susie [Rep.-D-NV-3]

Space Geek Legislation

I would like to mention one bill under my limited Space Geek coverage in this blog:

S 4264 A bill to provide NASA the authority to detect, identify, monitor, and track unmanned aircraft systems, and for other purposes. Peters, Gary C. [Sen.-D-MI]

 

For more information on these bills, including legislative history for similar bills in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-26-26 - subscription required.
 