Review – HR 6846 Introduced – UAS Threat Assessment

Back in December, Rep Crane (R,AZ) introduced HR 6846, the Detecting and Evaluating Foreign Exploitation of Novel Drones (DEFEND) Act. The bill would amend the Homeland Security Act of 2002 by adding a new section; §324, Annual assessment on terrorism threats to the United States relating to the use of unmanned aircraft systems by covered foreign adversaries, including terrorist organizations. No new funding is authorized by this bill.

I can find no legislation in the 118th Congress that would be similar to HR 6846. To date no congressional action has been taken on this bill.

Moving Forward

Crane and all five of his cosponsors are members of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there should be sufficient influence to see this bill considered in Committee. I see nothing in this bill that would engender any organized opposition. I would expect that the bill would receive bipartisan support, and that support should be sufficient to see the bill considered in the full House under the suspension of the rules process.

Commentary

While the bill’s description of the information to be included in the assessment would seem to be comprehensive, it has two serious shortcomings. First, it does not include any consideration of the legal aspects of counter UAS operations that currently restrict State, local, and tribal organizations from effectively identifying, tracking and intercepting covered UAS systems. Second, it effectively ignores any potential efforts (and legal restriction on such efforts) by private sector critical infrastructure organizations to protect themselves.

 

For more information on the provisions of this bill, including suggested language to correct the shortcomings identified above, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-6846-introduced-uas-threat-assessment - subscription required

Review – Public ICS Disclosures – Week of 2-7-26 – Part 2

 For Part 2 we have five additional vendor disclosures from Arista, HPE, Supermicro, WAGO, and Yokogawa. There are ten vendor updates from Broadcom (3), CODESYS (2), HP, HPE, and Schneider (3). We also have three researcher reports for products from Sante, Linksys, and Solax. Finally, we have three exploits for products from FortiGuard, Palo Alto Networks, and SolarWinds.

Advisories

Arista Advisory - Arista published an advisory that describes six vulnerabilities in their Next Generation Firewall.

HPE Advisory - HPE published an advisory that discusses an improper handling of values vulnerability in their ProLiant DL/ML/XD, Synergy, Edgeline, MicroServer.

Supermicro Advisory - Supermicro published an advisory that discusses 11 vulnerabilities in multiple Supermicro products.

WAGO Advisory - CERT-VDE published an advisory that describes four vulnerabilities in the WAGO Industrial-Managed-Switch 0852-XXXX products.

Yokogawa Advisory - Yokogawa published an advisory that describes six vulnerabilities in their Vnet/IP Interface Package.

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on August 1^st, 2023.

Broadcom Update #2 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on May 17^th, 2017.

Broadcom Update #3 - Broadcom published an update for their rsynd advisory that was originally published on September 13, 2022.

CODESYS Update #1 - CODESYS published an update for their CODESYS Control advisory that was originally published on December 1^st, 2025.

CODESYS Update #2 - CODESYS published an update for their CODESYS Control advisory that was originally published on December 1^st, 2025.

HP Update - HP published an update for their LaserJet advisory that was originally published on November 13^th, 2025, and most recently updated on December 10^th, 2025.

HPE Update - HPE published an update for their Aruba Networking EdgeConnect advisory that was originally published on January 14^th, 2026.

Schneider Update #1 - Schneider published an update for their EcoStruxure Power Operation advisory that was originally published on July 8^th, 2025.

Schneider Update #2 - Schneider published an update for their EcoStruxure Foxboro DCS advisory that was originally published on December 9^th, 2025.

Schneider Update #3 - Schneider published an update for their Uni-Telway Driver advisory that was originally published on February 11^th, 2025, and most recently updated on January 13^th, 2026.

Researcher Reports

Linksys Report - SySS Tech published a report that describes six vulnerabilities (with proof-of-concept code) in the Linksys MR9600 and MX4200 routers.

Sante Report - The Zero Day Initiative published a report that describes a buffer overflow vulnerability in the Sante DICOM Viewer Pro.

Solax Report - SEC Consult published a report that describes three vulnerabilities (with proof-of-concept code) in the Solax Power Pocket WiFi models.

Exploits

FortiGuard Exploit - Peter Gabaldon published an exploit for an exposure of sensitive information to an unauthorized actor vulnerability in the FortiGuard FortiGate product.

Palo Alto Networks Exploit - Indoushka published an exploit for four vulnerabilities in the Palo Alto Networks PAN-OS products.

 

For more information about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-c98 - subscription required.

Short Takes – 2-14-26 – Federal Register Edition

Notice of Intent To Grant an Exclusive, Co-Exclusive or Partially Exclusive Patent License. Federal Register NASA notice of intent to grant patent license. Summary: “NASA intends to grant an exclusive, co-exclusive, or partially exclusive patent license in the United States to practice the inventions described and claimed in: U.S. Patent Nos. 8,593,153 entitled “Method of Fault Detection and Rerouting,” issued on November 26, 2013, and 8,810,255 entitled “In-Situ Wire Damage Detection System,” issued on August 19, 2014, to Sun City Smart Technology Solutions, Inc., having its principal place of business in El Paso, Texas. The fields of use may be limited. NASA has not yet made a final determination to grant the requested license and may deny the requested license even if no objections are submitted within the comment period.”

Notice Hazardous Materials: Notice of Actions on Special Permits. Federal Register notice of actions on special permit applications. Summary: “In accordance with the procedures governing the application for, and the processing of, special permits from the Department of Transportation's Hazardous Material Regulations, notice is hereby given that the Office of Hazardous Materials Safety has granted or denied the application described herein.”

Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings. Federal Register CISA meeting notice. Summary: “This notice announces town hall meetings to allow external stakeholders a limited additional opportunity to provide input on refining the scope and burden of the CIRCIA Notice of Proposed Rulemaking (NPRM) issued in the Federal Register on April 4, 2024. The proposed CIRCIA rulemaking seeks to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022, as amended, by implementing covered cyber incident and ransom payment reporting requirements for covered entities.”

EO 14386 - Strengthening United States National Defense With America's Beautiful Clean Coal Power Generation Fleet. Federal Register.

Chemical Incident Reporting – Week of 2-7-26

NOTE: See here for series background.

HOCKLEY, TX– 2-7-26

Local News Report: Here and here.

There was a release of methyl mercaptan fumes from a rail car cleaning facility that caused the evacuation of a nearby school. Two students were transported to a local hospital but they treated and released. There were no physical damages related to this incident.

Not CSB reportable.

Methyl mercaptan is the chemical added in very low concentrations to natural gas and propane as an odorant to aid in detection of gas leaks of those two chemicals. VERY low concentrations in the air produce a detectable and objectionable odor.

I would like to suggest that CSB update their accidental release reporting regulations to add any release that results in the evacuation of a school or medical facility should be a reportable incident under those regulations.

Santa Rosa Beach, FL – 2-11-26

Local News Report: Here, here, and here.

There was an unidentified chemical spill from an unknown vehicle on a public road that released visible fumes. The roadway was blocked and hazmat crews cleaned up the spill. No injuries were reported.

Not CSB reportable, this was a transportation related incident.

This article raised an interesting list of questions about the response to this incident.

Midwest City, OK – 2-12-26

Local News Report: Here and here.

There was a cleaning chemical mixing incident at a food processing facility that resulted in the release of chlorine gas. The 50-gallon drum where the mixing took place was capped and the building was aired out. No injuries were reported and there were no damages related to the incident.

Not CSB reportable.

FCC Sends Satellite Broadband NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the Federal Communications Commission (FCC) on “Modernizing Spectrum Sharing for Satellite Broadband (SB Docket No. 25-157 [link added])”. This rulemaking was not listed in the Spring 2025 Unified Agenda. 

SB Docket 25-157 was opened on April 7^th, 2025. The FCC published a notice of proposed rulemaking for that docket on April 29^th, 2025. It is not clear what relationship exists between that NPRM and the one announced by OIRA yesterday.

I am posting this as part of my limited Space Geek coverage, and do not expect to cover this rulemaking in any detail beyond announcements of OIRA actions and mentions in the appropriate Short Takes posts for Federal Register notices.

Review – Public ICS Disclosures – Week of 2-7-26 – Part 1

This is a relatively busy disclosure week for the week of Cyber Tuesday. We have 43 bulk vendor disclosures from FortiGuard (6), Hitachi (8), HP (8), HPE (14), QNAP (7). We also have 10 bulk updates from Siemens (10). There are also seven other vendor disclosures from Bosch, Meinberg, Pheonix Contact, Schneider (2), and Siemens (2).

Bulk Disclosures – FortiGuard

• Firewall policy bypass in FSSO Terminal Services Agent,

• Format String Vulnerability in CAPWAP fast-failover mode,

• LDAP authentication bypass in Agentless VPN and FSSO,

• Request smuggling attack in FortiOS GUI,

• SSL-VPN Symlink Persistence Patch Bypass, and

• XSS via back button.

Bulk Disclosures – Hitachi

• Multiple Vulnerabilities in Cosminexus HTTP Server,

• Vulnerability in Cosminexus HTTP Server,

• Vulnerability in Cosminexus HTTP Server and Hitachi Web Server,

• Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server,

• Multiple Vulnerabilities in Cosminexus,

• Multiple Vulnerabilities in JP1,

• Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center, and

• Multiple Vulnerabilities in Hitachi Command Suite products

Bulk Disclosures – HP

• HP App – Potential Cross-Site Scripting,

• AMD Graphics Driver February 2026 Security Update,

• AMD Processors February 2026 Security Update,

• Certain HP OfficeJet Pro Printers – Denial of Service,

• Intel Chipset Firmware February 2026 Security Update,

• Intel Processor Firmware February 2026 Security Update,

• Certain HP OfficeJet Pro Printers - Information Disclosure, and

• Intel Graphics Software February 2026 Security Update.

Bulk Disclosures – HPE

• Certain HPE ProLiant Servers Using Certain Intel Processor BIOS, INTEL-SA-01406, Intel Quick Assist Technology (Intel QAT) Advisory, Multiple vulnerabilities,

• Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01313, 2025.3 IPU, Intel Xeon Processor Firmware Advisory, Multiple Vulnerabilities,

• Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01280, 2025.3 IPU, Intel Chipset Firmware Advisory, Multiple Vulnerabilities,

• Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01312, Intel TDX Module Advisory, Multiple Vulnerabilities,

• Certain HPE StoreEasy Servers Using Certain Intel Processors, INTEL-SA-01396, 2026.1 IPU, Intel Processor Firmware Advisory, Local Escalation of Privilege Vulnerability,

• Certain HPE ProLiant DL/ML/XD, Synergy, Edgeline and Alletra Servers Using Certain Intel Processors, INTEL-SA-01314, 2025.4 IPU, Intel TDX Module Advisory, Local Escalation of Privilege Vulnerability,

• Certain HPE ProLiant DL/ML/XD, Synergy, Edgeline, and Alletra Servers Using Certain Intel • Processors, INTEL-SA-01397, 2026.1 IPU, Intel Trust Domain Extensions (Intel TDX) module Advisory, Multiple Vulnerabilities,

• Certain HPE ProLiant DL/ML/XD, Synergy, and Alletra Servers Using Certain Intel Processors, INTEL-SA-01401, UPLR1 - Intel Server Firmware Advisory, Local Denial of Service Vulnerability,

• HPE Aruba Networking EdgeConnect SD-WAN Orchestrator, Multiple Vulnerabilities,

• Certain HPE ProLiant AMD DL/XL Servers Using Certain AMD EPYC Processors, AMD-SB-3023:AMD Server Vulnerabilities, Multiple Vulnerabilities,

• HPE Intel E810 Series Ethernet Controllers, INTEL-SA-01171, Intel Ethernet Adapters 800 Series Advisory, Denial of Service Vulnerability,

• Certain HPE StoreEasy Servers Using Certain Intel Processors, INTEL-SA-01314, 2025.4 IPU, Intel TDX Module Advisory, Local Escalation of Privilege Vulnerability,

• Certain HPE StoreEasy Servers Using Certain Intel Processors, INTEL-SA-01397, 2026.1 IPU, Intel Trust Domain Extensions (Intel TDX) module Advisory, Multiple Vulnerabilities, and

• Multiple Vulnerabilities in HPE Aruba Networking Private 5G Core.

Bulk Disclosures – QNAP

• Multiple Vulnerabilities in Media Streaming add-on,

• Multiple Vulnerabilities in Qsync Central,

• Multiple Vulnerabilities in File Station 5,

• Vulnerabilities in Apache,

• Multiple Vulnerabilities in QTS and QuTS hero, 

• Multiple Vulnerabilities in QuTS hero, and

• Vulnerabilities in Samba.

Bulk Updates – Siemens

• Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1,

• Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2,

• Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices,

• Denial-of-Service Vulnerability in ET 200 Devices,

• Multiple Vulnerabilities in SiPass integrated,

• Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices,

• DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery,

• Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1,

• Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs, and

• Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5.

Advisories

Bosch Advisory - Bosch published an advisory that describes four deserialization of untrusted data vulnerabilities in their Rexroth IndraWorks product.

Meinberg Advisory - Meinberg published an advisory that discusses 21 vulnerabilities in their LANTIME product.

Pheonix Contact Advisory - Pheonix Contact published an advisory that discusses an improperly controlled sequential memory allocation vulnerability in their mGuard products.

Schneider Advisory #1 - Schneider published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their SCADAPack and Remote Connect products.

Schneider Advisory #2 - Schneider published an advisory that describes two vulnerabilities in their EcoStruxureTM Building Operation Workstation and EcoStruxureTM Building Operation Webstation products.

Siemens Advisory #1 - Siemens published an advisory that describes six vulnerabilities in their Simcenter Femap and Nastran products.

Siemens Advisory #2 - Siemens published a bulletin that describes an absence of anti-tamper protections and modern exploit mitigation controls in the SIPORT Desktop Client Application.

 

For more information on these disclosures, including links to 3^rd party advisories, and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-fdd - subscription required.

Review – Bills Introduced – 2-13-26

Yesterday, with both the House and Senate in Washington (and preparing to go on a 1 week period of working from home), there were 99 bills introduced. Two of those bills will receive additional coverage here.

HR 7525 To authorize counter-unmanned aircraft system authorities for State, local, territorial, and tribal law enforcement, and for other purposes. Burlison, Eric [Rep.-R-MO-7]

HR 7552 To amend the Chemical and Biological Weapons Control and Warfare Elimination Act of 1991 to impose sanctions on foreign countries in response to acts concerning chemical or biological programs that cause injury to other foreign countries, and for other purposes. Moore, Barry [Rep.-R-AL-1]

 

For more information on these bills, including legislative history for similar bills in the 118^th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-2-13-26 - subscription required.