Monday, February 23, 2026

Review – Committee Hearings – Week of 2-22-26

With both the House and Senate back in Washington, and with snow expected today, there is a relatively light hearing schedule. There are no hearings currently scheduled of specific interest here. Tuesday night is the State of the Union address by the President. The Senate will be having periodic (probably daily) cloture votes on HR 7147, the DHS spending bill; still no deal in sight there. The House has a short list (6) of bills that will be considered under the suspension of the rules process including one bill under Space Geek coverage here.

 

For more information on legislation and SOTU, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-2-22-26 - subscription required.

Short Takes – 2-22-26

Trump signals new tariffs plan. Here's how Section 122 works. Axios.com article. Pull quote: “The global break from President Trump's tariffs will only be temporary. For months, top Trump officials said they had a "Plan B" if the highest court blocked their signature economic policy — which could leave hefty import taxes on foreign consumer goods essentially intact.”

A high-stakes State of the Union just got harder for Trump. Politico.com article. Pull quote: “Economic growth is flagging. U.S. military assets are massing in the waters around Iran in anticipation of a potential strike that many in the president’s base find odious. A major government agency is shut down over an immigration standoff with Democrats sparked after federal agents killed two U.S. citizens. “Make America Healthy Again” activists are furious over Trump’s order boosting domestic production of the herbicide glyphosate. The scandal surrounding Jeffrey Epstein, the late convicted sex offender, continues to swirl.”

ICS Cybersecurity in 2026: Vulnerabilities and the Path Forward. Forescout.com blog post. Pull quote: “The number of OT/ICS vulnerabilities isn’t the only thing growing. They are also becoming more severe. The average CVSS score of advisories has been trending upwards (see below). Back in 2010, the average was 6.44, classified as medium severity. In 2024, the average crossed 8.0 for the first time and it remained there in 2025.”

Campus vaccine strategies put to test by rising measles cases. TheHill.com article. Pull quote: ““Academic institutions tend to be environments where infectious diseases can quickly spread. In one large classroom, many dozens of students can be confined in close spaces for prolonged periods of time. Under those conditions, even a single measles case is highly likely to spread widely across the campus, as students also live in close proximity with roommates in dorms and apartments,” Gostin said.”

How uncrewed narco subs could transform the Colombian drug trade. TechnologyReview.com article. Pull quote: “Analysts don’t think uncrewed narco subs will reshape the global drug trade, despite the technological leap. Trafficking organizations will still hedge their bets across those three variables, hiding cocaine in shipping containers, dissolving it into liquids and paints, racing it north in fast boats. “I don’t think this is revolutionary,” Shuldiner says. “But it’s a great example of how resilient cocaine traffickers are, and how they’re continuously one step ahead of authorities.”” What about narco terrorists shipping IED semisubmersibles?

Chemical Weapons by Violent Non-State Actors in Combat. SmallWarsJournal.com commentary. Pull quote: “While the use of chemical weapons by non-state actors in combat is a relatively new phenomenon, the examples of the LTTE and IS display several commonalities that may occur in future conflicts. Modern militaries should recognize and prepare for these risks, particularly in counterinsurgency operations. Chemical weapons deployed by similar organizations are likely to be crude and small-scale, deployed through explosives, primitive projectiles, or even wind dispersal, although there is a possibility of future drone use. Ultimately, it is likely that the psychological impact of these weapons will far outweigh any tactical advantage that they may confer.”

The scientist using AI to hunt for antibiotics just about everywhere. TechnologyReview.com article. Pull quote: “But de la Fuente is using artificial intelligence to bring about a different future. His team at the University of Pennsylvania is training AI tools to search genomes far and deep for peptides with antibiotic properties. His vision is to assemble those peptides—molecules made of up to 50 amino acids linked together—into various configurations, including some never seen in nature. The results, he hopes, could defend the body against microbes that withstand traditional treatments.”

Backlog List

Empower Biomed Engineers with Smarter Medical Device Intelligence,

A new diabetes treatment could free people from insulin injections,

Why Some Doctors Say There Are Cancers That Shouldn’t Be Treated,

Apple Supplier Hit by Cyberattack, Manufacturing Data at Risk,

‘Can You Print a House?’: God, Robots and the U.S. Housing Crisis,

Here's Where Measles Case Counts Are Highest,

The Nontoxic Cleaner That Kills Germs Better Than Bleach—And You Can Use It on Your Skin,

Stunning Antarctic Sea Creatures Discovered after Iceberg Breaks Away,

The Invisible Toll of Bird Flu on Wildlife, and

Defining WMD for Policy Issues.

Sunday, February 22, 2026

Review – Public ICS Disclosures – Week of 2-14-26 – Part 2

For Part 2 we have another set of bulk vendor disclosures from Splunk (11). We have three additional vendor disclosures from Broadcom and Supermicro (2). There are six vendor updates from Broadcom (2), HP (2), and HPE (2). There is also a researcher report for vulnerabilities in products from OpenCFD. Finally, we have two exploits for products from FortiGuard and Splunk.

Bulk Vendor Disclosures – Splunk

Third-Party Package Updates in Splunk DB Connect - February 2026,

Third-Party Package Updates in Splunk Enterprise - February 2026,

Third-Party Package Updates in Splunk Universal Forwarder - February 2026,

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,

Local Privilege Escalation in Splunk Enterprise for Windows through Python Module Search Path,

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,

Improper Access Control in Splunk Monitoring Console App,

Local Privilege Escalation (LPE) in Splunk Enterprise for Windows through DLL Search‑Order Hijacking,

Client-Side Denial of Service (DoS) through "/splunkd/raw/services/authentication/users/username" REST API endpoint in Splunk Enterprise,

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,

Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise,

Advisories

Broadcom Advisory - Broadcom published an advisory that discusses an improper use of invalid use of special elements vulnerability in Brocade ASC-Gateway OVA.

Supermicro Advisory #1 - Supermicro published an advisory that discusses 19 vulnerabilities in multiple Supermicro products.

Supermicro Advisory #2 - Supermicro published an advisory that discusses the end-of-life Microsoft Secure Boot CA 2011 that affects multiple Supermicro products.

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 7th, 2025, and most recently updated on January 27th, 2026.

Broadcom Update #2 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 14th, 2024, and most recently updated on July 8th, 2025.

HP Update #1 - HP published an update for their NVIDIA GPU Display Driver advisory that was originally published on September 25th, 2025, and most recently updated on December 11th, 2025.

HP Update #2 - HP published an update for their Intel Graphics Software advisory that was originally published on November 11th, 2025.

HPE Update #1 - HPE published an update for their StoreEasy Servers advisory that was originally published on February 11th, 2026.

HPE Update #2 - HPE published an update for their ProLiant AMD DL/XL Servers advisory that was originally published on February 10th, 2026.

Researcher Reports

OpenCFD Report - Cisco Talos published a report that describes a code injection vulnerability in the OpenCFD OpenFOAM simulation file.

Exploits

FortiGuard Exploit - Indoushka published an exploit for an exposure of sensitive information to an unauthorized actor vulnerability in the FortiGuard FortiOS.

Splunk Exploit - Indoushka published an exploit for a code injection vulnerability in the Splunk Enterprise product.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-8f7 - subscription required.

Saturday, February 21, 2026

Chemical Incident Reporting – Week of 2-14-26

NOTE: See here for series background.


Janesville, WI – 2-12-26

Local News Report: Here, here, here, and here.

There was a steam explosion at a food processing facility. Two people were transported to a hospital with burns; one was sent onward to a burn unit. No reports yet on the amount of damages at the facility.

CSB reportable.

Arlington, VT – 2-15-26

Local News Report: Here, here, here, and here.

There was a fuel tanker rollover accident with a release of fuel into a local stream. Responders dammed the stream so that the spilled fuel could be recovered. The driver received minor injuries.

Not CSB reportable; this was a transportation-related incident.

Fairfield, OH – 2-17-26

Local News Report: Here, here, here, and here.

There was an explosion and fire at a food treatment facility. One worker was killed and two were transported to local hospitals. No reports yet on the amount of damages at the facility.

CSB reportable.

Toledo, OH – 2-20-26

Local News Report: Here, here, here, and here.

There was an anhydrous ammonia leak from a refrigeration system at a food processing facility. The facility was evacuated and a shelter-in-place order was put in place for the surrounding area. No injuries or damages were reported.

Not CSB reportable.

Review – Bills Introduced – 2-20-26

Yesterday, with the House meeting in pro forma session, there were 41 bills introduced. One of those bills will receive additional coverage in this blog:

HR 7625 To direct the Comptroller General of the United States to conduct a review of the budget, resources, and capabilities of the Coast Guard as the co-Sector Risk Management Agency for the marine transportation system. McDowell, Addison P. [Rep.-R-NC-6]

 

For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a mention in passing about a bill that would provide individuals tax credits for the recently vacated presidential tariffs, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-2-20-26 - subscription required.

Review – Public ICS Disclosures – Week of 2-14-26 – Part 1

This was a moderately busy disclosure week. For Part 1 we have bulk vendor disclosures from HPE (6). We have 12 additional vendor disclosures from Arista, Broadcom (2), B&R Automation, Dassault Systems (4), Hitachi, HP, Philips, and Sick.

Bulk Vendor Disclosures – HPE

HPESBHF04864 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01244, 2025.2 IPU, Intel Processor Advisory, Local Denial of Service Vulnerability,

HPESBNW04983 rev.1 - HPE Telco Service Orchestrator software, Prototype Pollution Vulnerability,

HPESBHF04967 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processor BIOS, INTEL-SA-01234, 2025.3 IPU, UEFI Reference Firmware Advisory, Multiple Vulnerabilities,

HPESBNW05011 rev.1 - Telco Service Activator, Improper Input Validation,

HPESBNW05012 rev.1 - Local Privilege Escalation Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM) OnGuard Software for Linux,

HPESBNW04998 rev.1 - Prototype Pollution Vulnerability in HPE Telco Network Function Virtualization Orchestrator

Advisories

Arista Advisory - Arista published an advisory that describes an operation on a resource after expiration or release vulnerability on multiple platforms running their EOS software.

Broadcom Advisory #1 - Broadcom published an advisory that discusses an improper neutralization of a NULL byte or NUL character vulnerability in their Brocade SANnav base OS.

Broadcom Advisory #2 - Broadcom published an advisory that discusses an out-of-bounds write vulnerability in their Brocade SANnav OVA products.

B&R Advisory - B&R published an advisory that discusses 25 vulnerabilities in their Automation Studio product.

Dassault Advisory #1 - Dassault published an advisory that describes a cross-site scripting vulnerability in their ENOVIAvpm Web Access product.

Dassault Advisory #2 - Dassault published an advisory that describes an out-of-bounds write vulnerability in their EPRT file reading procedure in SOLIDWORKS eDrawings.

Dassault Advisory #3 - Dassault published an advisory that describes an out-of-bounds read vulnerability in their EPRT file reading procedure in SOLIDWORKS eDrawings.

Dassault Advisory #4 - Dassault published an advisory that describes a use of uninitialized variable vulnerability in their EPRT file reading procedure in SOLIDWORKS eDrawings.

Hitachi Advisory - Hitachi published an advisory that discusses 72 vulnerabilities in their Disk Array Systems. These are third-party (Microsoft) vulnerabilities.

HP Advisory - HP published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Samsung MultiXpress Multifunction Printers.

Philips Advisory - Philips published an advisory that discusses a Google Chrome use after free vulnerability.

Sick Advisory - Sick published an advisory that discusses two Eclipse Cyclone DDS vulnerabilities.

 

For more information on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-fb5 - subscription required.

Friday, February 20, 2026

Chemical Transportation Incidents – Week of 1-17-26

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

NOTE: PHMSA resumed making their database publicly searchable on February 17th, 2026.

Incidents Summary

• Number of incidents – 387 (349 highway, 36 air, 1 rail, 1 water)

• Serious incidents – 2 (0 Bulk release, 1 evacuation, 1 injury, 0 death, 0 major artery closed, 3 fire/explosion, 42 no release)

• Largest container involved – 4,378-gcf DOT 112J340W Railcar {Liquefied Petroleum Gas} Undescribed leak.

• Largest amount spilled – 55-gal Plastic Drum {Corrosive Liquids, N.O.S.} Other container fell on plastic drum.

• Total amount reported spilled in all incidents – 676.2-gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Heptanes - Clear colorless liquids with a petroleum-like odor. Flash point 25°F. Less dense than water and insoluble in water. Vapors heavier than air. (Source: CameoChemicals.NOAA.gov).

 



 