Friday, May 15, 2026

PHMSA Sends Pipeline Repair NPRM to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the DOT’s Pipeline and Hazardous Materials Safety Administration on “Pipeline Safety: Repair Criteria for Hazardous Liquid and Gas Transmission Pipelines”. The advance notice of proposed rulemaking for this action was published on May 21st, 2025.

According to the Spring 2025 Unified Agenda entry for this rulemaking: 

“PHMSA plans a notice of proposed rulemaking that would modify the thresholds at which operators would be required to repair hazardous liquid pipelines, commonly referred to as anomaly repair criteria, on pipelines located in high-consequence areas (HCA) and could-affect HCAs, and develop new repair criteria for hazardous liquid pipelines in non-HCAs. PHMSA is also examining changes to the repair criteria for gas transmission pipelines, including the anomaly thresholds for cracks, dents, and certain seam types.”

Looking Back – 10-7-24 – Reader Comment

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once in a while, a blog post from ancient history rises into that list.

Today, a blog post from October 2024, Reader Comment – DrayTek Advisories, made the list. It discusses a comment where a reader pointed out a mistake that I made in an earlier blog post. Now, I do not like such comments, but that is because I do not like making mistakes. I really do appreciate it when readers allow me the chance to correct those errors. 

I do moderate reader comments, but that is generally done to keep out SPAM, including SEO ‘I love your post’ comments, and hate speech of any kind. Other than that, if you catch me in a mistake, I will acknowledge it and correct it. And, if appropriate, expand upon the reason. 

Thursday, May 14, 2026

Review – 17 Advisories and 1 Update Published – 5-14-26

Today CISA’s NCCIC-ICS published 17 advisories for products from Universal Robots and Siemens (16) and updated an advisory for products from SWTCH. 

Siemens published two additional advisories this week that were not covered today by CISA. I will address them this weekend. 

Advisories  

Universal Robots Advisory - This advisory describes an OS command injection vulnerability in the UR Polyscope 5 software. 

Ruggedcom Advisory #1 - This advisory discusses 35 vulnerabilities in the Siemens Ruggedcom Rox product.

Ruggedcom Advisory #2 - This advisory describes an OS command injection vulnerability in the Siemens Ruggedcom Rox product. 

Ruggedcom Advisory #3 - This advisory describes an OS command injection vulnerability in the Siemens Ruggedcom Rox. 

Ruggedcom Advisory #4 - This advisory describes an argument injection vulnerability in the Siemens Ruggedcom Rox. 

SIMATIC Advisory #1 - This advisory describes three vulnerabilities in the Siemens SIMATIC S7 PLC Web Server. 

SIMATIC Advisory #2 - This advisory discusses 171 vulnerabilities in the Siemens SIMATIC CN 4100. 

SIMATIC Advisory #3 - This advisory describes an insecure default initialization of resource vulnerability in the Siemens SIMATIC HMI Unified Comfort Panels. 

SENTRON Advisory - This advisory discusses an HTTP request/response smuggling vulnerability in the Siemens SENTRON 7KT PAC1261 Data Manager. 

SIPROTEC Advisory - This advisory describes a small space of random values vulnerability in the Siemens SIPROTEC 5 products. 

Opcenter Advisory - This advisory discusses a missing authentication for critical function vulnerability in the Siemens Opcenter RDnL product. 

ROS# Advisory - This advisory describes a relative path traversal vulnerability in the Siemens ROS#. 

Industrial Devices Advisory - This advisory describes a NULL pointer dereference vulnerability in the Siemens Industrial Devices product line. 

Simcenter Advisory - This advisory describes a heap-based buffer overflow vulnerability in the Siemens Simcenter Femap product. 

Teamcenter Advisory - This advisory discusses three vulnerabilities (one with a publicly available exploit) in the Siemens Teamcenter products.

GWAP Advisory - This advisory discusses an HTTP request/response splitting vulnerability in the Siemens gPROMS Web Applications Publisher (gWAP). 

Updates  

SWTCH Update - This update provides additional information on the SWTCH EV advisory that was originally published on February 26th, 2026. 


For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/17-advisories-and-1-update-published-543 - subscription required. 

Review – Bills Introduced – 5-13-26

 Yesterday, with both the House and Senate in session, there were 60 bills introduced. One of those bills will receive additional coverage in this blog: 

HR 8800 National Defense Authorization Act for Fiscal Year 2027. Rogers, Mike D. [Rep.-R-AL-3] 


For more information on these bills, including legislative history for similar bills earlier in the session, as well as a mention in passing of a bill that would require DHS training on identifying Native American citizens, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-13-26 - subscription required. 
