Monday, April 27, 2026

Looking Back – 6-2-2010

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google (blogspot.com is a Google service) provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once in a while, a blog post from ancient history rises into that list.

Today, a blog post from June 2nd, 2010, “Chemical Storage Dikes”, made the list. It looks at a common safety feature at chemical facilities and its importance to chemical security plans. Anytime a facility relies on chemical safety measures to limit the consequences of a potential terrorist attack, a fresh look needs to be taken at that safety measure to ensure that it will adequately perform its function in the event of an attack on the facility.

Sunday, April 26, 2026

Review - Public ICS Disclosures – Week of 4-18-26 – Part 2

 For Part 2 we have three additional vendor disclosures from Pilz, SEMTECH, and VEGA. There are six vendor updates from HPE, Mitsubishi (2), and Moxa (3). We also have a researcher report for vulnerabilities in products from Lantronix and Silex. Finally, we have two exploits for products from FortiGuard. 

Advisories  

Pilz Advisory - CERT-VDE published an advisory that discusses an insecure default initialization of resource vulnerability (with publicly available exploits) in the Pilz PASvisu Runtime. 

SEMTECH Advisory - SEMTECH published an advisory that describes three vulnerabilities in their LR11xx transceivers. 

VEGA Advisory - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in the VEGA VEGAPULS 6X product. 

Updates  

HPE Update - HPE published an update for their Aruba Networking advisory that was originally published on January 13th, 2026, and most recently updated on January 27th, 2026. 

Mitsubishi Update #1 - Mitsubishi published an update for their MELSEC iQ-F Series advisory that was originally published on March 3rd, 2026. 

Mitsubishi Update #2 - Mitsubishi published an update for their Ethernet Function advisory that was originally published on April 25th, 2026, and most recently updated on February 3rd, 2026. 

Moxa Update #1 - Moxa published an update for their Ethernet Switch advisory that was originally published on October 23rd, 2025, and most recently updated on October 31st, 2025.

Moxa Update #2 - Moxa published an update for their SSH Weak Algorithms advisory that was originally published on December 12th, 2025. 

Moxa Update #3 - Moxa published an update for their ICMP Timestamp Request advisory that was originally published on October 21st, 2025, and most recently updated on January 5th, 2026. 

Researcher Reports  

Lantronix Report - Forescout published a report that described eight vulnerabilities in the Lantronix EDS3000PS and EDS5000PS Series serial device servers. 

Silex Report - Forescout published a report that describes 12 vulnerabilities in the Silex D330-AC serial device server.

Exploits  

FortiGuard Exploit #1 - Ashraf Zaryouh published an exploit for an OS command injection vulnerability in the FortiGuard FortiSandbox product. 

FortiGuard Exploit #2 - Indoushka published an exploit for a relative path traversal vulnerability (which is listed in CISA’s KEV catalog) in the FortiGuard FortiWeb product. 


For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-4b8 - subscription required. 

Saturday, April 25, 2026

Chemical Incident Reporting – Week of 4-18-26

 NOTE: See here for series background. 

Blaine, WA – 4-18-26  

Local News Report: Here, here, and here.

There was a possible explosion at an oil refinery during a turnaround operation. Three people were transported to local hospitals and held at least overnight. No details are available. 

CSB reportable. 

Great Barrington, MA – 4-19-26  

Local News Report: Here. 

There was a residential garage fire involving pool chemicals. No injuries were reported. The fire was limited to the garage. Nearby homes were evacuated due to the presence of the pool chemicals. 

Not CSB reportable.

Ottawa, IL – 4-20-26  

Local News Report: Here and here. 

There was an explosion and fire at a magnesium processing facility. Two employees were transported to local hospitals. Minimal damage to the facility was reported. 

Possible CSB reportable. 

Nitro, WV – 4-22-26  

Local News Report: Here, here, and here.

There was an unexpected chemical reaction that led to the release of hydrogen sulfide. Two people were killed and 19 transported to local hospitals for chemical exposure treatment. Parts of the facility were being dismantled when the incident occurred.

CSB reportable and CSB team on scene. 

 