Sunday, March 1, 2026

Review – Public ICS Disclosures – Week of 2-21-26 – Part 2

For Part 2 we have seven additional vendor disclosures from Trumpf, VMware (2), Wireshark (3), and Zyxel. There are ten vendor updates from FortiGuard (3), Hitachi Energy, HP (2), Moxa, and Siemens (3). There are 14 researcher reports for products from Owl (11), and Tattile (3). Finally, we have two exploits for products from Supermicro and Tesla.

Advisories

Trumpf Advisory - CERT-VDE published an advisory that discusses a least privilege violation vulnerability in multiple Trumpf products.

VMware Advisory #1 - Broadcom published an advisory that describes four vulnerabilities in the VMware Workstation and Fusion products.

VMware Advisory #2 - Broadcom published an advisory that describes three vulnerabilities in the VMware Aria Operations product.

Wireshark Advisory #1 - Wireshark published an advisory that describes a buffer over-read vulnerability in their RF4CE Profile dissector.

Wireshark Advisory #2 - Wireshark published an advisory that describes a NULL pointer dereference vulnerability in their NTS-KE dissector.

Wireshark Advisory #3 - Wireshark published an advisory that describes an allocation of resources without limit or throttling vulnerability in their USB HID dissector.

Zyxel Advisory - Zyxel published an advisory that describes seven vulnerabilities in multiple Zyxel product lines.

Updates

FortiGuard Update #1 - FortiGuard published an update for their FortiOS advisory that was originally published on February 10th, 2026.

FortiGuard Update #2 - FortiGuard published an update for their OpenSSL advisory that was originally published on January 30th, 2026, and most recently updated on February 17th, 2026.

FortiGuard Update #3 - FortiGuard published an update for their cw_acd daemon advisory that was originally published on January 13th, 2026, and most recently updated on January 19th, 2026.

Hitachi Energy Update - Hitachi Energy published an update for their RTU500 advisory that was originally published on April 30th, 2024, and most recently updated on September 9th, 2025.

HP Update #1 - HP published an update for their Intel Xeon Processor advisory that was originally published on October 29th, 2025.

HP Update #2 - HP published an update for their AMD Embedded Processors advisory that was originally published on September 30th, 2025.

Moxa Update #1 - Moxa published an update for their Ethernet Switches advisory that was originally published on January 9th, 2026.

Moxa Update #2 - Moxa published an update for their EDS-P510 Series advisory that was originally published on November 8th, 2025.

Siemens Update #1 - Siemens published an update for their SINEC OS advisory that was originally published on August 12th, 2025, and most recently updated on February 12th, 2026.

Siemens Update #2 - Siemens published an update for their SINEC OS advisory that was originally published on August 12th, 2025, and most recently updated on February 12th, 2026.

Siemens Update #3 - Siemens published an update for their SINEC OS advisory that was originally published on January 28th, 2026.

Researcher Reports

Owl Reports - Nozomi Networks published 11 reports describing vulnerabilities in the Owl OPDS data diode solution.

Tattile Reports - Zero Science published three reports about vulnerabilities in Tattile Cameras.

Exploits

Supermicro Exploit - Indoushka published an exploit for an old (2013) improper restriction of operations within the bounds of a memory buffer vulnerability in the Supermicro Onboard IPMI X9SCL.

Tesla Exploit - Nullze published an exploit for a denial-of-service vulnerability in the Tesla S/3/X.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-5e6 - subscription required.

Saturday, February 28, 2026

Chemical Incident Reporting – Week of 2-21-26

NOTE: See here for series background.

Cofield, NC – 2-21-26

Local News Report: Here, here, and here.

There was a grain silo explosion at a feed mill. One employee died and two were transported to a local hospital. There is no mention of the level of damages to the facility.

CSB reportable.

Colton, CA – 2-25-26

Local News Report: Here, here, and here.

There was an explosion in a trailer containing hydrogen cylinders. One person was killed and one was transported to hospital with burn injuries. The first article reported that the trailer contained hydrogen fuel cells, which may have included hydrogen cylinders if they were operational.

Possible CSB reportable. While a fire/explosion in a trailer in transit would be an NTSB matter, a trailer parked at a fixed facility with ongoing operations out of the trailer would be a fixed site under EPA/CSB rules.

Brookfield, WI – 2-25-26

Local News Report: Here, here, here, and here.

There was a refrigerant leak at a large retail store. The building was evacuated. No injuries or damages were reported.

Not CSB reportable.

Greenville, NC – 2-25-26

Local News Report: Here, here, and here.

There was an apparent carbon monoxide leak at a manufacturing facility. The facility was evacuated and 18 employees were transported to local hospitals. There is no reported source of CO at the facility.

Possible CSB reportable if any of the 18 were admitted to the hospital.

Memphis, TN – 2-26-26

Local News Report: Here and here.

There was an unidentified chemical spill at a package shipping hub. No injuries were reported.

Not CSB reportable.

Review – Public ICS Disclosures – Week of 2-21-26 - Part 1

We have a busy disclosure week. For Part 1 we have 17 vendor disclosures from ABB (2), Dell, Festo, Fujitsu, Hitachi (2), Hitachi Energy (3), HP (2), HPE (3), Sick, and Supermicro.

Advisories

ABB Advisory #1 - ABB published an advisory that discusses an insecure default initialization of resource vulnerability in their Automation Builder product.

ABB Advisory #2 - ABB published an advisory that discusses three vulnerabilities in their AC500 V3 products.

Dell Advisory - Dell published an advisory that describes four vulnerabilities in their Wyse Management Suite.

Festo Advisory - CERT-VDE published an advisory that discusses 126 vulnerabilities in the Festo Automation Suite product. These are third-party (CODESYS) vulnerabilities.

Fujitsu Advisory - JP-CERT published an advisory that describes an out-of-bounds write vulnerability in the Fujitsu Fujitsu BIOS Driver.

Hitachi Advisory #1 - Hitachi published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Configuration Manager and Ops Center API Configuration Manager products.

Hitachi Advisory #2 - Hitachi published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Configuration Manager and Ops Center API Configuration Manager products.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes four vulnerabilities (one with publicly available exploit) in their RTU500 series CMU Firmware.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes two vulnerabilities in their Relion REB500 Product.

Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that discusses a deserialization of untrusted data vulnerability in their Ellipse product.

HP Advisory #1 - HP published an advisory that discusses four vulnerabilities (two with publicly available exploits) in their LaserJet Enterprise and LaserJet Managed Printers.

HP Advisory #2 - HP published an advisory that describes three improper check for unusual or exceptional conditions vulnerabilities in multiple product lines utilizing the Intel NPU driver.

HPE Advisory #1 - HPE published an advisory that describes an authentication bypass vulnerability in their AutoPass License Server (APLS).

HPE Advisory #2 - HPE published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability in their ProLiant AMD DL/XL Servers.

HPE Advisory #3 - HPE published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability in their SimpliVity Servers.

Sick Advisory - Sick published an advisory that describes two use of risky or broken cryptographic algorithm vulnerabilities in their LMS1000 and MRS1000 products.

Supermicro Advisory - Supermicro published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability in multiple products.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-805 - subscription required.

Friday, February 27, 2026

Chemical Transportation Incidents – Week of 1-24-26

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 320 (288 highway, 29 air, 3 rail, 0 water)

• Serious incidents – 1 (1 Bulk release, 0 evacuation, 0 injury, 0 death, 1 major artery closed, 0 fire/explosion, 27 no release)

• Largest container involved – 27,312-gal DOT 111A100W5 Railcar {Hydrochloric Acid} Leaking pressure relief device.

• Largest amount spilled – 5,500-gal DOT 406 Trailer {Gasoline Includes Gasoline Mixed With Ethyl Alcohol, With Not More Than 10% Alcohol} Release due to roll-over truck accident.

• Total amount reported spilled in all incidents – 6595.7-gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Dimethyl Sulfide: A clear colorless to straw colored liquid with a disagreeable odor. Flash point less than 0°F. Less dense than water and slightly soluble in water. Vapors are heavier than air. (Source: CameoChemicals.NOAA.gov).

 



Review – CSB Publishes Dow EO Release Investigation Report

Yesterday the Chemical Safety Board (CSB) announced the publication of a report on the 2023 explosion and ethylene oxide release incident at the DOW plant in Plaquemine, Louisiana. The incident resulted in the release of 31,000-lbs of EO, but no one was reported injured and there were no deaths. The CSB reported three safety issues identified and published four safety recommendations. This leaves seven open investigations.

The incident involved the vapor relief system. Leaks in the system allowed air to enter the piping. When debris from equipment left in a large reflux drum punctured a rupture disk attached to the system, EO vapors entered the piping and created a flammable atmosphere in the piping. The resulting explosion propagated through the pressure relief system.

 

For more information on the report, including a description of the four recommendations – see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-publishes-dow-eo-release-investigation - subscription required.

BIS Sends AI Action Plan Final Rule to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the DOC’s Bureau of Industry and Security (BIS) on “AI Action Plan Implementation”. An interim final rule was published (under the earlier title of this rulemaking: Framework for Artificial Intelligence Diffusion) on January 15th, 2025.

According to the Spring 2025 Unified Agenda for this rulemaking:

“The Bureau of Industry and Security (BIS) intends to rescind portions of the revisions and additions implemented by the ‘Framework for Artificial Intelligence Diffusion,’ published January 15, 2025. BIS intends to issue a new rule which will provide a more streamlined framework for enabling the secure deployment of advanced U.S. AI technology abroad.”

This final rule would appear to be beyond the normal scope of coverage of this blog, so I do not plan on detailed coverage of its publication. I would expect to announce that, however, in the appropriate Short Takes post.

Thursday, February 26, 2026

10 Advisories and 3 Updates Published – 2-26-26

Today CISA’s NCCIC-ICS published 10 control system security advisories for products from Copeland, Yokogawa, Mobility46, EV Energy, SWITCH EV, Chargemap, EV2GO, CloudCharge, Pelco, and Johnson Controls. They also published updates for advisories from Honeywell, Schneider Electric, and Hitachi Energy.

Advisories

Copeland Advisory - This advisory describes 23 vulnerabilities in the Copeland XWEB and XWEB Pro plant management software.

Yokogawa Advisory - This advisory describes six vulnerabilities in the Yokogawa Vnet/IP Interface Package used in their CENTUM VP R6 and R7 products.

Mobility46 Advisory - This advisory describes four vulnerabilities in the Mobility46 mobility46.se digital parking management and EV charging solution.

EV Energy Advisory - This advisory describes four vulnerabilities in the EV Energy ev.energy EV charging management solution.

SWITCH EV Advisory - This advisory describes four vulnerabilities in the SWITCH EV SwitchEnergy.com multiple EV charging systems management.

Chargemap Advisory - This advisory describes four vulnerabilities in the Chargemap Chargemap.com EV fleet charging management.

EV2GO Advisory - This advisory describes four vulnerabilities in the EV2GO ev2go.io charging infrastructure management.

CloudCharge Advisory - This advisory describes four vulnerabilities in the CloudCharge cloudcharge.se charging facility management.

Pelco Advisory - This advisory describes an authentication bypass using an alternate path or channel vulnerability in the Pelco Sarix Pro 3 Series IP Cameras.

Johnson Controls Advisory - This advisory describes six vulnerabilities in the Johnson Controls Frick Controls Quantum HD compressor control panel.

Updates

Honeywell Update - This update provides additional information on the HIB2PI and HDZ Series CCTV Cameras advisory that was originally published on February 17th, 2026.

Schneider Update - This update provides additional information on the EcoStruxure Power Operation advisory that was originally published on July 22nd, 2025.

NOTE: I briefly discussed this new information on February 15th, 2026.

Hitachi Energy Update - This update provides additional information on the Relion 670/650/SAM600-IO Series advisory that was originally published on May 13th, 2025, and most recently updated on June 5th, 2025.

NOTE: I briefly mentioned the Hitachi Energy update on February 1st, 2026.

 

For more information on these advisories, including a DTRH look at EV charger cybersecurity research, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-and-3-updates-published-7f5 - subscription required.
 