Review – Bills Introduced – 5-26-26

 Yesterday, with both the House and Senate meeting in pro forma sessions, there were 23 bills introduced. One of those bills may receive additional coverage in this blog: 

HR 9042 To promote the development, production, and deployment of secure and resilient Unmanned Aerial Systems (UAS) to enhance United States national security and support the defense and resilience of Taiwan in the Indo-Pacific Region. Vindman, Eugene Simon [Rep.-D-VA-7]   

For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a mention-in-passing of a military fuel discount program, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-26-26 - subscription required.

CSB to Issue Givaudan Sense Colour Explosion Report

 Odd changes were added to the CSB’s Recent Recommendation Status Updates page; the page reflects changes in the total number of recommendations made by the CSB, adds a listing for “Givaudan Sense Colour Explosion (0 Recommendations)”, and adds two recommendations from the PEMX Deer Park report to the page. The first two changes would seem to indicate that the CSB will be issuing their final report on the Givaudan Sense Color investigation that would include 12 recommendations for various affected parties. 

I have no idea why the PEMEX ‘updates’ were added. They still reflect the “Not Applicable – Initial Status” comment in the Date of Status Change block on their respective Status of Change Summary sheets. That is the entry made when the recommendation page is first initiated. 

Short Takes – 5-26-26 - Federal Register Edition

Reporting Deadline Extension for the Health and Safety Data Reporting Rule Under Toxic Substance Control Act (TSCA) Section 8(d). Federal Register EPA final rule. Summary: “The U.S. Environmental Protection Agency (EPA) is taking final action to extend the reporting deadline for the Health and Safety Data Reporting Rule [link added] under the Toxic Substances Control Act (TSCA) by one year to May 21, 2027.” 

Information Collection Requests  

Notice of Request for Revision to and Extension of Approval of an Information Collection; Highly Pathogenic Avian Influenza, All Subtypes, and Newcastle Disease; Additional Restrictions (Pet, Performing, and Research Birds; Bird Carcasses). Federal Register APHIS 60-day information collection request (ICR) revision/extension. Summary: “In accordance with the Paperwork Reduction Act of 1995, this notice announces the Animal and Plant Health Inspection Service's intention to request a revision to and extension of approval of an information collection associated with the regulations to prevent the introduction of highly pathogenic avian influenza, all subtypes, and Newcastle disease into the United States through the importation of pet, performing, and research birds and poultry, and unprocessed bird and poultry products, mainly bird carcasses.” 

Submission to the Office of Management and Budget for Review and Approval; Request for Comment; Incident Reporting for Automated Driving Systems (ADS) and Level 2 Advanced Driver Assistance Systems (ADAS). Federal Register NHTSA 30-day ICR reinstatement notice. Summary: “This ICR is for NHTSA's information collection for incident reporting requirements for Automated Driving Systems (ADS) and Level 2 Advanced Driver Assistance Systems (ADAS). NHTSA previously requested and received a three-year approval of this information collection. NHTSA now requests OMB's approval for a three-year reinstatement of this previously approved information collection with modifications. These modifications streamlined reporting requirements to reduce burdens compared to the prior version of this information collection and sharpened the focus on safety critical information. A Federal Register notice with a 60-day comment period soliciting public comments on the following information collection was published on March 4, 2026 (Docket No. NHTSA-2026-0529), and NHTSA received fourteen comments.” 

Executive Orders  

EO 14405 - Integrating Financial Technology Innovation Into Regulatory Frameworks. Federal Register. 

EO 14406 - Restoring Integrity to America's Financial System. Federal Register. 

Review – 7 Advisories and 1 Update Published – 5-26-26

Today CISA’s NCCIC-ICS published six control system security advisories for products from ABB. They also published a medical device security advisory for products from Eppendorf. Finally, they updated an advisory for products from Schneider Electric. 

Advisories  

ABB Advisory #1 - This advisory describes a clear-text storage of sensitive information in memory vulnerability in the ABB LVS MConfig product. 

NOTE: I briefly discussed this vulnerability on October 11th, 2025. 

ABB Advisory #2 - This advisory discusses 22 vulnerabilities in the ABB Ability Camera Connect product. 

NOTE: I briefly discussed these vulnerabilities on March 28th, 2026. 

ABB Advisory #3 - This advisory describes an improper resource locking vulnerability in the ABB B&R Automation Runtime product.  

NOTE: I briefly discussed this vulnerability on October 11th, 2025. 

ABB Advisory #4 - This advisory describes a missing authentication for critical function vulnerability in the ABB Ability Zenon Remote Transport Service.  

NOTE: I briefly discussed this vulnerability on August 8th, 2025. 

ABB Advisory #5 - This advisory describes a buffer over-read vulnerability in the ABB AC500 V2.  

NOTE: I briefly discussed this vulnerability on July 26th, 2025. 

ABB Advisory #6 - This advisory describes a heap-based buffer overflow vulnerability in the ABB Terra AC.  

NOTE: I briefly discussed the vulnerability on October 25th, 2025. 

Eppendorf Advisory - This advisory describes a use of hard-coded password vulnerability in the Eppendorf BioFlo 320 product. 

Updates  

Schneider Update - This update provides additional information on the Altivar Products advisory that was originally published on September 16th, 2025, and most recently updated on October 23rd, 2025. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-a86 - subscription required.