Review – HR 7272 Introduced – DOE Pipeline Security

Back in January Rep Webber (R,TX) introduced HR 7272, the Pipeline Cybersecurity Preparedness Act. The bill would establish Department of Energy responsibilities for physical security and cybersecurity coordination to ensure the security, resiliency, and survivability of natural gas, hazardous liquid pipelines, and liquefied natural gas facilities. No new funding is provided.

Moving Forward

On February 4^th, 2026, the House Energy and Commerce Committee held a business meeting that included consideration of HR 7272. The bill passed, without amendments by a voice vote (pages 41-2). Pending publication of the committee report on the bill, the bill is ready for consideration by the full House. I suspect that it will be considered under the suspension of the rules process and would be expected to pass with strong bipartisan support.

Commentary

The inclusion of ‘hazardous liquid pipelines’ in the provisions of this bill is a tad bit odd as they would be a PHMSA area of expertise. While it is clear that general security requirements for energy pipelines would apply to non-energy related chemical pipelines, there are specific safety requirements that would be applicable to toxic chemical pipelines (downwind chemical detection comes to mind) that are probably not necessary for energy pipelines. Having said that, all of the voluntary security measures that would be developed under this bill’s provisions would be beneficial for hazardous liquid pipelines.

 

For more information on the provisions of this bill, including additional commentary on codifying DOE security research requirements, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7272-introduced-doe-pipeline-security - subscription required.

Review – Public ICS Disclosures – Week of 2-28-26 – Part 2

For Part 2 we have five additional vendor updates from FortiGuard (2), GE Vernova, HPE, and VMware. There are 12 researcher reports about vulnerabilities in products from Biosig Project (3), Honeywell, and Philips (8). Finally, we have six exploits for products from Honeywell, Splunk, WatchGuard, and Wireshark (3).

Updates

FortiGuard Update #1 - FortiGuard published an update for their OpenSSL advisory that was originally published on January 30^th, 2026, and most recently updated on February25th, 2026.

FortiGuard Update #2 - FortiGuard published an update for their SSL-VPN bookmarks advisory that was originally published on October 14^th, 2025.

GE Vernova Update - GE published an update for their Universal Relay advisory that was originally published on December 14^th, 2025.

HPE Update - HPE published an update for their Aruba Networking EdgeConnect SD-WAN Orchestrator advisory that was originally published on January 14^th, 2026, and most recently updated on February 10^th, 2026.

VMware Update - Broadcom published an update for the VMware Aria Operations advisory that was originally published on February 24^th, 2026.

Researcher Reports

Biosig Reports - Cisco Talos published three reports about vulnerabilities in the Biosig Project libbiosig library.

Honeywell Report - Zero Science published a report that describes an improper authentication for critical function vulnerability (with publicly available exploit) in the Honeywell Trend IQ4 building controller.

Philips Reports - ZDI published eight reports of vulnerabilities in the Philips Hue Bridge product that were disclosed in a recent Pwn2Own contest.

Exploits

Honeywell Exploit - Indoushka published a Metasploit module for an improper authentication for critical function vulnerability in the Honeywell Trend IQ4 product.

Splunk Exploit - Indoushka published an exploit for a function call with incorrectly specified argument value vulnerability in the Splunk Enterprise product.

WatchGuard Exploit - WatchTowr published an exploit for an out-of-bounds write vulnerability in the WatchGuard Fireware OS product.

Wireshark Exploit #1 - Indoushka published an exploit for an allocation of resources without limit or throttling vulnerabilities in the Wireshark USB HID Protocol Dissector.

Wireshark Exploit #2 - Indoushka published an exploit for a buffer overread vulnerability in the Wireshark Dissector product.

Wireshark Exploit #3 - Indoushka published an exploit for a NULL pointer dereference vulnerability in the Wireshark Dissector product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-bb7 - subscription required.

Chemical Incident Reporting – Week of 2-28-26

NOTE: See here for series background.

Belle Rose, LA – 2-23-26

Local News Report: Here, here, here, and here.

There was a catastrophic equipment failure during the pressure test of a brine well. One employee was killed; two others were airlifted to a hospital.

CSB reportable. An overpressure incident is considered to be a release of a hazardous gas because a severe injury or death resulted from the release.

Neshoba, PA – 3-3-26

Local News Report: Here.

There was a single vehicle accident involving a tractor-trailer, with the trailer overturning and spilling ammonium nitrate fertilizer. No injuries were reported.

Not CSB reportable, transportation related.

Swedesboro, NJ– 3-4-26

Local News Report: Here, here, here, and here.

There was an apparent propane explosion at a food processing facility. Four employees were hospitalized in critical condition. There was extensive damage to the facility and neighboring properties. Building damage was reported as far as a mile away from the incident.

Note: Propane and butane are used to extract cocoa butter from cocoa beans, a process that may have been at use in this facility.

CSB reportable.

Ft Mill, SC – 3-5-26

Local News Report: Here, here, here, and here (this is for the earlier spill).

There was a hydrofluoric acid spill at a manufacturing facility. No injuries were reported. An adjacent elementary school canceled classes due to the spill.

NOTE: This was the second hazardous materials spill reported at the facility this week. The South Carolina Department of Environmental Services ordered the facility to cease operations until an inspection of the facilities Risk Management Plan could be completed by the State agency and the US EPA.

Not CSB reportable.

CSB Added Woodland Pulp Incident to Active Investigations List

Yesterday the US Chemical Safety Board (CSB) updated their Current Investigations page to add their investigation into the January 27^th, 2026 fatal release of hydrogen sulfide from the process server at the Woodland Pulp facility in Baileyville, ME. Initial reports indicated that the mixing of chemicals in the process sewer resulted in the formation of the hydrogen sulfide. One college intern was killed and nine other workers on the site were injured.

The Board had announced that it was beginning an investigation on February 9^th, 2026.

This brings the number of open CSB investigations to eight.

Review – Public ICS Disclosures – Week of 2-28-26 – Part 1

This week we have bulk vendor disclosures from Broadcom (23). There are 12 additional vendor disclosures from Belden, Dell, Endress+Hauser, HP (2), HPE, Mettler Toledo, Philips, Sick, and WatchGuard (3). We also have 4 vendor updates from Broadcom (4).

Advisories

Belden Advisory - Belden published an advisory that discusses the BlastRadius.Fail vulnerability.

Dell Advisory - Dell published an advisory that discusses 86 vulnerabilities in their ThinOS product.

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses an out-of-bounds write vulnerability in the Endress+Hauser CC 100 and PFC 200 products.

HP Advisory #1 - HP published an advisory that describes an incorrect default permissions vulnerability in their Event Utility product.

HP Advisory #2 - HP published an advisory that describes a use of hard-coded cryptographic key vulnerability in their SIP Service Providers products.

HPE Advisory - HPE published an advisory that describes six vulnerabilities in their Aruba Networking Wireless Operating Systems.

Mettler Toledo Advisory - CERT-VDE published an advisory that discusses an HTTP request/response smuggling vulnerability (with publicly available exploit) in the Mettler Toledo LabX product.

Philips Advisory - Philips published an advisory that discusses two Cisco Secure Firewall Management Center vulnerabilities.

Sick Advisory - Sick published an advisory that describes two files or directories accessible to external parties vulnerabilities in their Lector85x and Lector83x products.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an expected behavior violation vulnerability in their FirewareOS products.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a cross-site scripting vulnerability in their Fireware OS Web UI products.

WatchGuard Advisory #3 - WatchGuard published an advisory that describes an out-of-bounds write vulnerability in their Fireware OS products.

Updates

Broadcom Update #1 - Broadcom published an update for their Fabric OS Web application advisory that was originally published on May 10^th, 2021.

Broadcom Update #2 - Broadcom published an update for their Fabric OS advisory that was originally published on September 27^th, 2024, and most recently updated on January 28^th, 2026.

Broadcom Update #3 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 15^th, 2024, and most recently updated on February 19^th, 2026.

Broadcom Update #4 - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 8^th, 2025, and most recently updated on February 19^th, 2026.

 

For more information on these disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-04b - subscription required.

Review – Bills Introduced – 3-5-26

Yesterday, with both the House and Senate in session, there were 89 bills introduced. One of those bills may receive additional coverage in this blog:

HR 7850 To amend title 17, United States Code, to provide for the diagnosis, maintenance, and repair of certain digital electronic agricultural equipment. Spartz, Victoria [Rep.-R-IN-5]

 

For more information on these bills, including legislative history for similar bills in the 118^th Congress, as well as a bill mentioned in passing authorizing NOAA Weather Radio, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-5-26 - subscription required. 

Chemical Transportation Incidents – Week of 2-1-26

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 454 (405 highway, 46 air, 4 rail, 0 water)

• Serious incidents – 1 (0 Bulk release, 0 evacuation, 0 injury, 0 death, 0 major artery closed, 3 fire/explosion, 54 no release)

• Largest container involved – 28,420-gal DOT111A100W1 Railcar {Acetone} Vapor eduction valve partially open, line not capped.

• Largest amount spilled – 115-gal IBC {Flammable Liquids, Corrosive, N.O.S.} Forklift puncture.

• Total amount reported spilled in all incidents – 1311.9-gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Nitrous Oxide: Nitrous oxide is a colorless, sweet-tasting gas. It is also known as "laughing gas". Continued breathing of the vapors may impair the decision making process. It is noncombustible but it will accelerate the burning of combustible material in a fire. It is soluble in water. Its vapors are heavier than air. Exposure of the container to prolonged heat or fire can cause it to rupture violently and rocket. It is used as an anesthetic, in pressure packaging, and to manufacture other chemicals. (Source: CameoChemicals.NOAA.gov).