Review – CSB Updated the Status of 8 Investigation Recommendations – 3-16-26

Yesterday the Chemical Safety Board (CSB) updated their Recent Recommendation Status Updates page, closing two recommendations with acceptable action and one with acceptable alternative actions. These actions left 119 of 1035 recommendations open. Additionally, the CSB updated the open status of four recommendation, noting that the responsible parties had agreed to take the recommended actions. The CSB took all of these actions on March 16^th, 2026. The previous update was published on January 20^th, 2026.

The three recently closed recommendations are:

 

• Chevron Richmond Refinery Fire, 2012-03-I-CA-R23, Governor and Legislature of the State of California,

• Chevron Richmond Refinery Fire, 2012-03-I-CA-R29, American Petroleum Institute (API), and

• Didion Milling Company Explosion and Fire, 2017-07-I-WI-R4, Didion Milling, Inc

 

For more information on the investigation responses, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updated-the-status-of-8-investigation - subscription required.

Review – 4 Advisories and 2 Updates Published – 3-17-26

Today CISA’s NCCIC-ICS published four control system security advisories for products from Siemens, Schneider Electric (2), and CODESYS. They also updated two advisories for products from Schneider and Hitachi Energy.

Advisories

Siemens Advisory This advisory describes four vulnerabilities in the Siemens SICAM SIAPP SDK.

NOTE: I briefly discussed these vulnerabilities on Monday.

Schneider Advisory #1 - This advisory describes a use of hard-coded credentials vulnerability in the Schneider Electric EcoStruxure Data Center Expert.

NOTE: I briefly mentioned this vulnerability on Monday.

Schneider Advisory #2 - This advisory describes an improper check for unusual or exceptional conditions vulnerability in the Schneider SCADAPack and RemoteConnect products.

Updates

Schneider Update - This update provides additional information on the EcoStruxure Power Build Rapsody advisory that was originally published on January 14^th, 2026.

I briefly discussed the Schneider update on March 16^th, 2026.

Hitachi Energy Advisory - This update provides additional information on the Relion 670, 650, SAM600-IO Series advisory that was originally published on June 27^th, 2023.

I briefly mentioned the Hitachi Energy update on February 1^st, 2026.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-2-updates-published-40c - subscription required.

CSB Publishes Accurate Energetic Systems Investigation Update 3-16-26

Yesterday the US Chemical Safety Board announced the publication of an update for their investigation of the October 10, 2025, explosions at the Accurate Energetic Systems that killed 16 employees. The report provides an overview of the materials and process involved at Building 602 where the fatal explosion occurred. The report concludes with an outline of the continuing items that the CSB is considering:

Cause or probable cause of the potential initiating event(s),

AES’s explosive safety and process safety management programs,

Equipment design of the kettles used at the AES facility,

Sensitivities of in-process explosive materials, and

Industry guidance for commercial facilities that manufacture explosives.

 

Review – Bills Introduced – 3-17-26

Yesterday, with both the House and Senate in session, There were 32 bills introduced. One of those bills will receive additional coverage in this blog:

HR 7945 To ban the sale of nitrous oxide consumer products, and for other purposes. Mullin, Kevin [Rep.-D-CA-15]

 

For more information on these bills, including legislative history for similar bills in the 118^th Congress, as well as a mention in passing of a bill to authorize NSF basic biology research finging, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-17-26 - subscription required. 

Review – Committee Hearings – Week of 3-15-26

Both the House and Senate will be in Washington this week with a relatively light hearing schedule. Budget and NDAA related hearings are beginning, but this week there are none of specific interest here. There are two hearings of potential interest here; a House hearing on Chinese technology threats and a Senate confirmation hearing for the replacement DHS Secretary. The Senate will continue to try to pass some sort of DHS funding, probably unsuccessfully. The House may attempt to pass a balanced-budget constitutional amendment.

Chinese Technology Threat

On Tuesday the Subcommittee on Cybersecurity and Infrastructure Protection of the House Homeland Security Committee will hold a hearing on: “DeepSeek and Unitree Robotics: Examining the National Security Risks of PRC Artificial Intelligence, Robotics, and Autonomous Technologies and Building a Secure U.S. Technology Base”.

DHS Secretary Hearings

On Thursday the Senate Homeland Security and Governmental Affairs Committee will hold a confirmation hearing on the appointment of Sen Markwayne Mullin to be the Secretary of Homeland Security.

 

For more information on these hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-3-15-26 - subscription required.

Review – Public ICS Disclosures – Week of 3-7-26 – Part 3

For Part 3 we have an additional bulk vendor disclosure from Schneider Electric (6). There are three additional vendor disclosures from Siemens (2) and Weidmueller. We have bulk vendor updates from Siemens (12). There are also seven vendor updates from FortiGuard (2), HP, Schneider Electric (3), and VMware. Finally, we have three exploits for products from Splunk and WatchGuard (2).

Bulk Vendor Disclosures – Schneider

• Improper Resource Shutdown or Release vulnerability in Multiple Products,

• Improper Neutralization vulnerability in Multiple Products,

• Deserialization of Untrusted Data vulnerability on EcoStruxure™ Foxboro DCS,

• Improper Control of Generation of Code ('Code Injection') vulnerability on EcoStruxure™ Automation Expert,

• Use of Hard-coded Credentials vulnerability in EcoStruxure™ IT Data Center Expert, and

• Deserialization of Untrusted Data vulnerability on Multiple Products.

Advisories

Siemens Advisory #1 - Siemens published an advisory that describes six vulnerabilities in their SICAM SIAPP SDK product.

Siemens Advisory #2 - Siemens published bulletin about misconfiguration in Mendix Applications.

Weidmueller Advisory - CERT-VDE published an advisory that describes four vulnerabilities in the Weidmueller Energy Meter 750-XX.

Bulk Vendor Updates – Siemens

• Missing Server Certificate Validation in IAM Client,

• Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices,

• Missing Server Certificate Validation in Siemens Advanced Licensing (SALT) Toolkit,

• Data Validation Vulnerability in NX Before V2512,

• Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices,

• Multiple Vulnerabilities in SINEC Security Monitor before V4.9.0,

• DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery,

• Multiple Vulnerabilities in COMOS,

• Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager,

• Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP • MFP V3.1.5,

• Privilege Escalation Vulnerability in SINAMICS Drives, and

• Stored Cross-Site Scripting Vulnerability in SIMATIC S7-1500.

Updates

FortiGuard Update #1 - FortiGuard published an update for their OpenSSL advisory that was originally published on January 30^th, 2026, and most recently updated on March 3^rd, 2026.

FortiGuard Update #2 - FortiGuard published an update for their SSL-VPN Symlink advisory that was originally published on February 10^th, 2026.

HP Update - HP published an update for their Intel NPU Driver advisory that was originally published February 25^th, 2026.

Schneider Update #1 - Schneider published an update for their FlexNet Publisher advisory that was originally published on January 14^th, 2025, and most recently updated on November 11^th, 2025.

Schneider Update #2 - Schneider published an update for their ProLeiT Plant iT advisory that was originally published on January 13^th, 2026.

Schneider Update #3 - Schneider published an update for their EcoStruxure Power Build Rapsody advisory that was originally published on January 13^th, 2026.

VMware Update - Broadcom published an update for their Aria Operations advisory that was originally published on February 24^th, 2026.

Exploits

Splunk Exploit - Indoushka published an exploit for a function call with incorrectly specified argument value vulnerability in the Splunk Enterprise product.

WatchGuard Exploit #1 - Indoushka published an exploit for a default SSH credentials vulnerability.

WatchGuard Exploit #2 - Indoushka published a Metasploit module for a privilege escalation vulnerability in the WatchGuard IKEv2.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-795 - subscription required.

Review – Public ICS Disclosures – Week of 3-7-26 – Part 2 -

For Part 2 we have additional 14 vendor disclosures from Delta Electronics, Janitza, Mitsubishi, Moxa (4), NI (2), Palo Alto Networks (3), Philips, and Ruckus. Part 3 is in the works.

Advisories

Delta Advisory - Delta published an advisory that describes two vulnerabilities in their COMMGR 2 product

Janitza Advisory - CERT-VDE published an advisory that describes four vulnerabilities in the Janitza UMG 96RM-E products.

Mitsubishi Advisory - Mitsubishi published an advisory that describes an improper validation of specified index, position, or offset vulnerability in their CNC Series products.

Moxa Advisory #1 - Moxa published an advisory that discusses a GNU argument injection vulnerability.

Moxa Advisory #2 - Moxa published an advisory that discusses three vulnerabilities in their DA Series products.

Moxa Advisory #3 - Moxa published an advisory that discusses three vulnerabilities in their DA Series products.

Moxa Advisory #4 - Moxa published an advisory that discusses an insufficient flow control management vulnerability in their DA Series products.

NI Advisory #1 - NI published an advisory that describes two out-of-bounds write vulnerabilities in their Digilent DASYLab product.

NI Advisory #2 - NI published an advisory that describes two out-of-bounds read vulnerabilities in their Digilent DASYLab product.

PAN Advisory #1 - PAN published an advisory that discusses eight vulnerabilities (one with publicly available exploits and listed in CISA’s KEV catalog) in their Prima Browser product.

PAN Advisory #2 - PAN published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their Cortex XDR Agent.

PAN Advisory #3 - PAN published an advisory that describes an exposure of sensitive information to an unauthorized control sphere in their Cortex XDR Broker VM product.

Philips Advisory - Philips published an advisory that discusses the Stryker cyberattack.

Ruckus Advisory - Ruckus published an advisory that discusses the AirSnitch vulnerabilities.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-194 - subscription required.