OMB Approves FCC Satellite Broadband Final Rule

 Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the Federal Communications Commission (FCC) on Modernizing Spectrum Sharing for Satellite Broadband (SB Docket No. 25-157). The final rule was submitted to OIRA on February 13th, 2026. The FCC’s notice of proposed rulemaking was published in the Federal Register on June 13th, 2025. 

This rulemaking, as is usual for the FCC, was not published in the Spring 2025 Unified Agenda. In the Summary published in the NPRM, the Commission reported that: 

“In this document, the Federal Communications Commission (Commission or we) seeks comment on modernizing spectrum sharing between geostationary (GSO) and non-geostationary (NGSO) satellite systems operating in the 10.7-12.7, 17.3-18.6, and 19.7-20.2 GHz frequency bands in which equivalent power-flux density (EPFD) limits apply.” 

This rulemaking will be reported under my limited Space Geek coverage. Thus, I do not expect to provide detailed analysis when this final rule is published in the next week or two. I do plan on announcing its publication in the appropriate Short Takes post. 

CSB Publishes FY 2027 Budget Request

 Yesterday, the Chemical Safety Board (CSB) published their Budget Request for FY 2027. This year’s budget request was shorter than last year’s, two paragraphs instead of three. The first is standard boilerplate describing the Board’s purpose in life. The second reiterates the fact that the President is again trying to defund the CSB. It notes:  

“The President's Budget proposes to eliminate funding for the Chemical Safety & Hazard Investigation Board (CSB) as part of the Administration's plans to streamline functions across government. The President’s Budget proposes $0 for the CSB's FY 2027 budget.” 

Back in 2017 when the 45 tried to defund the CSB, the Board noted that fact in their FY 2018 budget request (pg 5) but completed their typical budget request document in any case. The reason for that is that the Board is required to independently submit their annual budget request to Congress per 42 U.S.C. §7412(r)(6)(R). 

It is disappointing that the Board has again succumbed to Presidential intimidation and has not provided Congress an outline of what the Board intends to accomplish in 2027 and the support it needs from Congress to implement those intentions. Hopefully, Congress will once again ignore the President and fund the CSB when the FY 2027 EPA spending bill is crafted and passed. 

Review – Public ICS Disclosures – Week of 3-28-26 – Part 1

This week is a relatively busy disclosure week. We have 15 vendor disclosures from ABB, Baade, Belden, Fuji Electric, Endress+Hauser, Dassault (3), HP (2), HPE, MB Connect (2), Philips, and TP-Link. 

 

Advisories  

 

ABB Advisory - ABB published an advisory that discusses 16 vulnerabilities (seven with publicly available exploits) in their System 800xA. 

Baade Advisory - CERT-VDE published an advisory that discusses a heap-based buffer overflow vulnerability in the Baade 1xCOM and 4xCOM products. 

Belden Advisory - Belden published an advisory that discusses two out-of-bounds write vulnerabilities in their NetModule Router Software. 

Fuji Advisory - JP-CERT published an advisory that describes five vulnerabilities in the Fuji V-SFT product. 

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses 16 vulnerabilities in multiple Endress+Hauser products. 

Dassault Advisory #1 - Dassault published an advisory that describes a path traversal vulnerability in their DELMIA Factory Resource Manager. 

Dassault Advisory #2 - Dassault published an advisory that describes a cross-site scripting vulnerability in their ELMIA Factory Resource Manager. 

Dassault Advisory #3 - Dassault published an advisory that describes a cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator. 

HP Advisory #1 - HP published an advisory that discusses three vulnerabilities in multiple HP workstations. 

HP Advisory #2 - HP published an advisory that discusses the use of an outdated 4th party (Chromium) software package in multiple HP workstations. 

HPE Advisory - HPE published an advisory that discusses an improper input validation vulnerability in their Telco Network Function Virtual Orchestrator. 

MB Connect Advisory #1 - MB Connect published an advisory that describes five vulnerabilities in their mbCONNECT24 and mymbCONNECT24 products. 

MB Connect Advisory #2 - MB Connect published an advisory that describes two vulnerabilities in their mbCONNECT24 and mymbCONNECT24 products. 

Philips Advisory - Philips published an advisory that discusses the Microsoft Secure Boot certificates issue. 

TP-Link Advisory - TP-Link published an advisory that describes three vulnerabilities in their Tapo C520WS Wi-Fi cameras. 

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-964 - subscription required.