OMB Approves NASA Flight Analog Mission ICR Revision

Yesterday, yes on Memorial Day, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an information collection request revision from NASA on “Flight Analog Projects (FAP) Crew Selection Questionnaire”. The ICR supports the Flight Analog Projects (FAP) Crew Selection Questionnaire used by members of the public to apply for consideration as a NASA analog crew member. The table below shows the change in burden estimate: 

The OIRA announcement notes that: 

“Burden hours increased due to expanding response options in the updated questionnaire. The annual cost burden to respondents and the annualized Federal government cost increased due to updates to the median hour wage per the Bureau of Labor Statistics (BLS) data.” 

The NASA flight analog missions are activities conducted on Earth that simulate some of the challenges of space missions. There are currently two analog missions that are accepting applications: the 20-Foot Chamber and the Mars Exploration Analog. 

Review - Public ICS Disclosures – Week of 5-16-26 – Part 2

 For Part 2 this week we have nine additional vendor disclosures from Dell, HPE (4), Philips, TP-Link (2), and Wireshark. Finally, there are six vendor updates from Broadcom, ELECOM, HP, HPE, and Palo Alto Networks (2). 

Advisories  

Dell Advisory - Dell published an advisory that discusses 29 vulnerabilities in their ThinOS product. All but two of the vulnerabilities are third-party vulnerabilities. 

HPE Advisory #1 - HPE published an advisory that discusses two vulnerabilities in their Telco Universal SLA Management product. 

HPE Advisory #2 - HPE published an advisory that discusses the CopyFail vulnerability. 

HPE Advisory #3 - HPE published an advisory that discusses eight vulnerabilities (seven have publicly available exploits) in their Unified OSS Console Assurance Monitoring product. 

HPE Advisory #4 - HPE published an advisory that describes a privilege escalation vulnerability in their Cray Programming Environment. 

Philips Advisory - Philips published an advisory that discusses an F5 Networks heap-based buffer overflow vulnerability. 

TP-Link Advisory #1 - TP-Link published an advisory that describes an improper input validation vulnerability in multiple TP-Link Range Extenders products. 

TP-Link Advisory #2 - TP-Link published an advisory that describes a generation of error message that contains sensitive information vulnerability in their web management interface of Archer AX72. 

Wireshark Advisory - Wireshark published an advisory that describes a dissector crash vulnerability in their ROHC protocol. 

Updates  

Broadcom Update - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 7th, 2025, and most recently updated on March 3, 2026. 

ELECOM Update - JP-CERT published an update for their LAN routers advisory that was originally published on May 12th, 2026. 

HP Update - HP published an update for their Intel PROSet/Wireless WiFi Software advisory that was originally published on November 11th, 2025, and most recently updated on April 1st, 2026. 

HPE Update - HPE published an update for their Aruba Networking Virtual Intranet Access advisory that was originally published on January 13th, 2026. 

PAN Update #1 - PAN published an update for their Cloud Authentication Service advisory that was originally published on May 13th, 2026, and most recently updated on May15th, 2026. 

PAN Update #2 - PAN published an update for their DNS Proxy Server advisory that was originally published on May 13th, 2026, and most recently updated on May15th, 2026. 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-37e - subscription required. 

Chemical Incident Reporting – Week of 5-16-26

NOTE: See here for series background. 

Edison, NJ – 5-17-26  

Local News Report: Here, here, and here. 

There was an accident involving a fuel tanker that resulted in a massive fire. One person was killed and another was seriously injured and transported to the hospital. 

Not CSB reportable, transportation related incident. 

Belton, SC – 5-20-26  

Local News Report: Here, here, and here. 

There was a toxic vapor cloud released inside a business when sulfuric acid and bleach were mixed. No injuries or damages were reported. 

Not CSB reportable. 

Garden Grove, CA – 5-21-26  

Local News Report: Here, here, here, and here. 

There is an ongoing chemical incident at a chemical manufacturing facility. A methyl-methacrylate tank is undergoing a self-polymerization reaction. So far, there has been some periodic tank venting of the slightly toxic material as the exothermic reaction has raised the temperature and pressure within the tank. As the reaction proceeds, the temperature continues to increase, which increases the rate of reaction. The concern is that at some point the temperature and pressure will increase to the point that there will be a catastrophic failure of the storage tank leading to a large release of hot, flammable, toxic material. No injuries or damages have yet been reported, but 40,000 people have been evacuated from a large area around the facility. 

Not yet CSB reportable. 

St Louis, MO – 5-21-26  

Local News Report: Here, here, and here. 

There was an anhydrous ammonia leak from a food storage facility. No injuries or damages were reported. 

Not CSB reportable.