Chemical Transportation Incidents – Week of 4-25-26

Reporting Background 

See this post for explanation, with the most recent update here (removed from paywall). 

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency. 

Incidents Summary  

• Number of incidents – 468 (441 highway, 21 air, 6 rail, 0 water) 

• Serious incidents – 0 (0 Bulk release, 0 evacuation,0 injury, 0 death, 0 major artery closed, 0 fire/explosion, 33 no release)  

• Largest container involved – 32,875-gal DOT 112J340W Railcar {Petroleum Gases, Liquefied or Liquefied Petroleum Gas} Sample line valve open. 

• Largest amount spilled – 70-gal DOT 406 Tank Truck {Diesel Fuel} Hose disconnected during unloading. 

• Total amount reported spilled in all incidents – 906.5-gal 

NOTE: Links above are to Form 5800.1 for the described incidents. 

Most Interesting Chemical: Carbon Tetrachloride: A clear colorless liquid with a characteristic odor. Denser than water (13.2 lb / gal) and insoluble in water. Noncombustible. May cause illness by inhalation, skin absorption, and/or ingestion. Used as a solvent, in the manufacture of other chemicals, as an agricultural fumigant, and for many other uses. (Source: CameoChemicals.NOAA.gov).  

OMB Approves PHMSA Breakout Tank Inspection NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA) on “Pipeline Safety: Breakout Tank Inspection Rule”.  

This rulemaking was not listed in the Spring 2025 Unified Agenda, so it is difficult to determine what the scope of this proposed rulemaking will be. There was, however, a question on breakout tank inspections in an advanced notice of proposed rulemaking that PHMSA published in May, 2025. That question read: 

“How should part 195 regulations address the assessment of and remediation of anomalies on in-service breakout tanks? Would incorporating the risk-based inspection interval provided for in consensus industry standards ( e.g., the fifth edition of API Std 653) within PHMSA regulations be appropriate for some or all breakout tanks? Please identify any specific regulatory amendments that merit consideration, as well as the technical, safety, and economic reasons supporting those recommended amendments.” 

Review – 9 Advisories and 2 Updates Published – 5-28-26

Yesterday, CISA’s NCCIC-ICS published eight control system security advisories for products from XCharge, Schneider Electric, KMW, CP Plus, ABB (2), Jinan USR IOT Technology, and MacGregor. There is a medical device security advisory for products from Fourth Frontier. Finally, there are also updates for products from ABB and Mitsubishi. 

Advisories  

XCharge Advisory - This advisory describes three vulnerabilities (one with publicly available exploit) in the XCharge C6 vehicle charger. 

Schneider Advisory - This advisory describes a cleartext storage of sensitive information vulnerability in the Schneider EcoStruxure Machine Expert HVAC. 

NOTE: I briefly discussed this vulnerability on May 16th, 2026. 

KMW Advisory - This advisory describes an unverified password change vulnerability in the KMW CCTV Security Cameras. 

CP Advisory - This advisory describes a cross-site scripting vulnerability in the CP Plus 8 Ch. Network Video Recorder. 

ABB Advisory #1 - This advisory describes an active debug code vulnerability in the ABB Busch-Welcome 2 Wire Door Opener Actuator.  

NOTE: I briefly discussed the vulnerability on July 26th, 2025. 

ABB Advisory #2 - This advisory describes a cross-site scripting vulnerability in the ABB EIBPORT product.  

NOTE: I briefly discussed this vulnerability on October 11th, 2025. 

Jinan Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Jinan USR-W610 RS232/485 to Wi-Fi/Ethernet Converter. 

MacGregor Advisory - This advisory describes five vulnerabilities in the MacGregor Voyage Data Recorder (VDR) G4e. 

Fourth Frontier Advisory - This advisory describes a missing authentication for critical function vulnerability in the Fourth Frontier X Android application. 

Updates  

ABB Update - This update provides additional information on the ABB Ability Zenon Remote Transport advisory that was originally published on May 26th, 2026. 

Mitsubishi Update - This update provides additional information on the Factory Automation Engineering Products advisory that was originally published on July 30th, 2026, and most recently updated on April 11th, 2023. 

For more information on these advisories, including a down-the-rabbit-hole look at 3rd party vulnerabilities in the XCharge C6 vehicle charger, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-and-2-updates-published - subscription required.