Sunday, May 3, 2026

Review - Public ICS Disclosures – Week of 4-25-26 – Part 2

For Part 2 we have three additional vendor disclosures from Moxa, TP-Link, and Zyxel. There are bulk vendor updates from Moxa (6). There are three additional vendor updates from Hitachi Energy (2) and HP. There is a researcher report for vulnerabilities in products from EnOcean. Finally, we have two exploits for products from SolarEdge.

Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their Secure Router products. 

TP-Link Advisory - TP-Link published an advisory that describes an authentication bypass by spoofing vulnerability (listed in CISA’s Known Exploited Vulnerabilities catalog) in legacy TP-Link Router and Access Point products. 

Zyxel Advisory - Zyxel published an advisory that describes two OS command injection vulnerabilities in multiple Zyxel products. 

Bulk Vendor Updates – Moxa  

• CVE-2025-0676: Command Injection Leading to Privilege Escalation in Secure Routers, Cellular Routers, Network Security Appliances,  

• CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches,  

• CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches,  

• CVE-2025-6892, CVE-2025-6893, CVE-2025-6894, CVE-2025-6949, CVE-2025-6950: Multiple Vulnerabilities in Network Security Appliances and Routers,

• Privilege Escalation and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances, and  

• CVE-2025-0415: Command Injection Leading to Denial-of-Service in Secure Routers, Cellular Routers, and Network Security Appliances. 

Updates  

Hitachi Energy Update #1 - Hitachi Energy published an update for their GMS600 advisory that was originally published on June 27th, 2023. 

Hitachi Energy Update #2 - Hitachi Energy published an update for their Web Services advisory that was originally published on October 29th, 2024. 

HP Update - HP published an update for their SECOMNService advisory that was originally published on October 15th, 2025. 

Researcher Reports  

EnOcean Report - Claroty published a report that describes two vulnerabilities in the EnOcean SmartServer IoT platform.

Exploits  

SolarEdge Exploit #1 - Nu11secur1ty published an exploit for a cross-site scripting vulnerability in the SolarEdge product. 

SolarEdge Exploit #2 - Nu11secur1ty published an exploit for a cross-site scripting vulnerability in the SolarEdge product. 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-a0a - subscription required. 

Saturday, May 2, 2026

Review – Bills Introduced – 5-1-26

 Yesterday, with neither the House nor Senate in session, there was one bill introduced: 

HR 8646 Making appropriations for Agriculture, Rural Development, Food and Drug Administration, and Related Agencies programs for the fiscal year ending September 30, 2027, and for other purposes. Rep. Harris, Andy [R-MD-1] 


For more information on these bills, including legislative history for similar bills in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-1-26 - subscription required. 

Review - HR 7011 Introduced – Railcar PRD Report

Back in January Rep Deluzio (D,PA) introduced HR 7011, the Under Pressure Act. The bill would require DOT’s Federal Railroad Administration (FRA) to prepare a report to Congress on the rate and causes of rail tank car pressure relief device (PRD) failures in derailment events. No new funding is authorized by this legislation. 

I can find no legislation in the 118th Congress that would be similar to HR 7011. It would appear that this bill is related to the NTSB preliminary report about issues with pressure release devices during the February 2023 East Palestine train derailment. 

Moving Forward  

Deluzio is a member of the House Transportation and Infrastructure Committee to which this bill is assigned for consideration. This means that there may be sufficient influence to see the bill considered by the Committee. Since this is simply a report to Congress bill, I see nothing that would engender any organized opposition. I would suspect that there would be some level of bipartisan support for the bill, but it remains to be seen if there would be sufficient support for the bill to move to the floor of the House for consideration under the suspension of the rules process. 

For more information on the provisions of this bill, and a brief commentary on the current PRD regulatory requirements, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7011-introduced-railcar-prd-report - subscription required. 

Chemical Incident Reporting – Week of 4-25-26

 NOTE: See here for series background. 

Fresno County, CA – 4-27-26  

Local News Report: Here, here, and here.

There was an ammonia leak at a winery. A nearby school was put under shelter-in-place and was then released from school early. No injuries or damages were reported. 

Not CSB reportable. 

South Houston, TX – 4-30-26  

Local News Report: Here, here, here, and here.

There was a collapse of a hot-tar storage tank during filling operations. One person was killed. 

CSB reportable. 

Vancouver, WA – 5-1-26  

Local News Report: Here, here, and here.

There was a small muriatic acid spill as the result of a rollover accident. The driver was injured in the accident, and the local area was evacuated due to the chemical fumes.  

One fire fighter was taken to the hospital for exposure related issues. 

Not CSB reportable; transportation related incident. 

Fort Smith, AR – 5-2-26  

Local News Report: Here, and here. 

There was a large (125,000-gal) sulfuric acid spill at an industrial facility. No reports of injuries or damages. The cost of facility damage could reach the $1 million CSB reportable threshold. 

Possible CSB reportable. 

 