Sunday, May 24, 2026

Review - Public ICS Disclosures – Week of 5-16-26 – Part 2

 For Part 2 this week we have nine additional vendor disclosures from Dell, HPE (4), Philips, TP-Link (2), and Wireshark. Finally, there are six vendor updates from Broadcom, ELECOM, HP, HPE, and Palo Alto Networks (2). 

Advisories  

Dell Advisory - Dell published an advisory that discusses 29 vulnerabilities in their ThinOS product. All but two of the vulnerabilities are third-party vulnerabilities. 

HPE Advisory #1 - HPE published an advisory that discusses two vulnerabilities in their Telco Universal SLA Management product. 

HPE Advisory #2 - HPE published an advisory that discusses the CopyFail vulnerability. 

HPE Advisory #3 - HPE published an advisory that discusses eight vulnerabilities (seven have publicly available exploits) in their Unified OSS Console Assurance Monitoring product. 

HPE Advisory #4 - HPE published an advisory that describes a privilege escalation vulnerability in their Cray Programming Environment. 

Philips Advisory - Philips published an advisory that discusses an F5 Networks heap-based buffer overflow vulnerability. 

TP-Link Advisory #1 - TP-Link published an advisory that describes an improper input validation vulnerability in multiple TP-Link Range Extenders products. 

TP-Link Advisory #2 - TP-Link published an advisory that describes a generation of error message that contains sensitive information vulnerability in their web management interface of Archer AX72. 

Wireshark Advisory - Wireshark published an advisory that describes a dissector crash vulnerability in their ROHC protocol. 

Updates  

Broadcom Update - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 7th, 2025, and most recently updated on March 3, 2026. 

ELECOM Update JP-CERT published an update for their LAN routers advisory that was originally published on May 12th, 2026. 

HP Update - HP published an update for their Intel PROSet/Wireless WiFi Software advisory that was originally published on November 11th, 2025, and most recently updated on April 1st, 2026. 

HPE Update - HPE published an update for their Aruba Networking Virtual Intranet Access advisory that was originally published on January 13th, 2026. 

PAN Update #1 - PAN published an update for their Cloud Authentication Service advisory that was originally published on May 13th, 2026, and most recently updated on May15th, 2026. 

PAN Update #2 PAN published an update for their DNS Proxy Server advisory that was originally published on May 13th, 2026, and most recently updated on May15th, 2026. 


For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-37e - subscription required. 

Posted by at No comments:
Labels: , , , , , , , , ,

Saturday, May 23, 2026

Chemical Incident Reporting – Week of 5-16-26

NOTE: See here for series background. 

Edison, NJ – 5-17-26  

Local News Report: Herehere, and here. 

There was an accident involving a fuel tanker that resulted in a massive fire. One person was killed and another was seriously injured and transported to the hospital. 

Not CSB reportable, transportation related incident. 

Belton, SC – 5-20-26  

Local News Report: Herehere, and here. 

There was a toxic vapor cloud released inside a business when sulfuric acid and bleach were mixed. No injuries or damages were reported. 

Not CSB reportable. 

Garden Grove, CA – 5-21-26  

Local News Report: Here, herehereand here. 

There is an ongoing chemical incident at a chemical manufacturing facility. A methyl-methacrylate tank is undergoing a self-polymerization reaction. So far, there has been some periodic tank venting of the slightly toxic material as the exothermic reaction has raised the temperature and pressure within the tank. As the reaction proceeds, the temperature continues to increase, which increases the rate of reaction. The concern is that at some point the temperature and pressure will increase to the point that there will be a catastrophic failure of the storage tank leading to a large release of hot, flammable, toxic material. No injuries or damages have yet been reported, but 40,000 people have been evacuated from a large area around the facility. 

Not yet CSB reportable. 

St Louis, MO – 5-21-26  

Local News Report: Herehere, and here. 

There was an anhydrous ammonia leak from a food storage facility. No injuries or damages were reported. 

Not CSB reportable. 

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)
 
/* Use this with templates/template-twocol.html */