Review – Public ICS Disclosures – Week of 6-22-24 – Part 2

For Part 2 we have two more vendor disclosures from WatchGuard (2). There are also 23 vendor updates from Hitachi Energy, HP (2), HPE (19), and Moxa. Finally, we have four researcher reports describing vulnerabilities in products from Emerson, Plug&Track, Siemens, and TP-Link.

Advisories

WatchGuard Advisory #1 - WatchGuard published an advisory that describes a privilege escalation vulnerability in their Mobile VPN product.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a buffer overflow vulnerability in their Fireware OS product.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their IEDConnectivity Packages advisory that was originally published on November 15^th, 2022.

HP Update #1 - HP published an update for their AMD SPI Lock Bypass advisory that was originally published on June 11^th, 2024 and most recently updated on June 18^th, 2024.

HP Update #2 - HP published an update for their Plantronics Hub advisory that was originally published on December 20^th, 2023 and most recently updated on May 10^th, 2024.

HPE Updates - HPE continued updating older Aruba advisories to their HPE format, updating 19 advisories this week.

Moxa Advisory - Moxa published an update for their AWK-3131A Series that was originally published on February 24^th, 2020 and most recently updated on June 3^rd, 2020.

Researcher Report

Emerson Report - Claroty published a report describing four vulnerabilities in the Emerson Rosemount 370XA gas chromatograph.

Plug&Track Report - Nozomi Networks published a report that describes seven vulnerabilities in products from Plug&Track.

Siemens Report - SEC Consult published a report describing three vulnerabilities in the Siemens CP-8XXX Power Automation Products.

TP-Link Report - Talos Intelligence published a report that describes an active debug code in the TP-Link ER7206 Omada Gigabit VPN Router.

 

For more information about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-746 - subscription required.

Chemical Incident Reporting – Week of 6-22-24

NOTE: See here for series background.

Buckeye, AZ – 6-21-24

Local news reports: Here, here, here, and here.

Nitric acid spill during truck loading operations, 200-gal spilled. No injuries or damage were reported.

Not CSB reportable.

Elizabethtown, Ky – 6-25-24

Local news reports: Here, here, and here.

A employee was found dead inside a full chemical storage tank at a car parts manufacturing facility.

Probably not a CSB reportable, unless vapor emissions from the tank caused the individual to fall into the tank.

TRION, Ga – 6-26-24

Local news reports: Here, here, here, and here.

A truck carrying anhydrous ammonia developed leak in transit. Local evacuations, but no injuries or damages reported

Not CSB reportable – would be an NTSB incident.

Matteson, IL – 6-27-24

Local news reports: Here, here, and here.

A train derailment caused leaks of liquified petroleum gas from railcar containing residual materials. No injuries reported. Limited evacuation order still in place.

Not CSB reportable – would be an NTSB incident.

CRS Reports – Week of 6-22-24 – Use of Force in Cyberspace

This last week, the Congressional Research Service (CRS) published an updated version of their report “Use of Force in Cyberspace”. I last discussed this report in December 2023. There have been a number of small changes to the language of the report (adding the abbreviation ‘LOAC’ for the term ‘law of armed conflict’ used throughout the report). The changes do not make any significant change to the author’s points about how cyber operations fit into the concept of LOAC. Still, this short, 2-page report is one that periodically needs to be reviewed by Congress and the Executive Branch, as well as anyone concerned about cyberphysical operations by State actors.

Review – Public ICS Disclosures – Week of 6-22-24 – Part 1

This week we have 18 vendor disclosures from ABB, Hitachi (3), Hitachi Energy, Honeywell, HP (5), HPE, Moxa, Rockwell, and VMware (3).

Advisories

ABB Advisory - ABB published an advisory that discusses an untrusted search path vulnerability in their PCM600 Installer product.

Hitachi Advisory #1 - Hitachi published an advisory that discusses two vulnerabilities in their Storage Provider for VMware vCenter product.

Hitachi Advisory #2 - Hitachi published an advisory that describes an incorrect default permissions vulnerability in their Storage Provider for VMware vCenter.

Hitachi Advisory #3 - Hitachi published an advisory that discusses 36 vulnerabilities in their Disk Array products.

Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses four vulnerabilities in their AFS/AFR series products.

Honeywell Advisory - Honeywell published an advisory that discusses an uncontrolled search path vulnerability in their MAXPRO NVR Computer.

HP Advisory #1 - HP published an advisory that discusses the Zenbleed vulnerability in their AMD Client UEFI.

HP Advisory #2 - HP published an advisory that describes a TOCTOU vulnerability in their PC Bios products.

HP Advisory #3 - HP published an advisory that describes three vulnerabilities in multiple HP PC products.

HP Advisory #4 - HP published an advisory that discusses the LogoFAIL vulnerabilities in multiple PC Bios products.

HP Advisory #5 - HP published an advisory that discusses an uncontrolled search path element vulnerability in multiple HP PC products.

HPE Advisory #1 - HPE published an advisory that discusses ten vulnerabilities in their ProLiant DL/XL Servers and Cray Supercomputer products.

HPE Advisory #2 - HPE published an advisory that describes a code injection vulnerability in their Athonet Mobile Core.

Moxa Advisory - Moxa published an advisory that describes three vulnerabilities in their EDS-405A/408A Series products.

Rockwell Advisory - Rockwell published an advisory that describes three improper input validation vulnerabilities in their ThinManager ThinServer product.

VMware Advisory #1 - Broadcom published an advisory that describes three vulnerabilities in their ESXi and vCenter Server products.

VMware Advisory #2 - Broadcom published an advisory that describes an improper privilege management vulnerability in their Cloud Director product.

VMware Advisory #3 - Broadcom published an advisory that describes an insertion of sensitive information vulnerability in their Cloud Director Object Storage Extension.

 

For more information on these disclosures, including 3rd party reports, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-601 - subscription required.

Short Takes – 6-28-24

Attrition: New Pattern of Death in Ukraine. StrategyPage.com article. Pull quote: “Currently there is no effective defense from these FPV attack drones, and that’s why these drones cause most of the casualties in Ukraine. Over the last few decades the cost of the FPV drone systems components have come way down, while the size of these components is smaller and more reliable. Overall, the new FPV system made it a lot cheaper to inflict casualties and that had a devastating effect on troop morale. Once you saw or heard the FPV drones you either found a place to hide or became a casualty. Ukraine considers the attack drones rounds of ammunition which are cheaper and more precise than artillery shells. There is still a role for artillery when it comes to destroying structures or blocking access to a road interdiction fire. But when it comes to deliberately causing casualties, drones are the weapon of choice. That’s why Ukraine is building nearly 100,000 drones a month in 2024.”

H5N1 bird flu can remain infectious in raw milk for at least an hour, study finds. LiveScience.com article. Pull quote: “"There is something about the milk that is making it [H5N1] more stable, and allowing it to survive for longer periods of time," Le Sage said. "But we don't know what component is causing this."”

The mirage at the core of space commerce, space stations, and other options. TheSpaceReview.com article. Political and economic drivers of space economy. Pull quote: “Microgravity materials processing holds the promise of economic growth but first the products produced must prove an economic or social benefit justifying the cost. Until that potential is tapped, space commerce remains refinements of what happened in the 19th century when the telegraph accelerated the spread of information exponentially. Now, humans stand on the cusp of a dramatic expansion of humanity into space, but the economic underpinning remains fragile. Moving to the next level does not demand immediate access to Mars but the creation of a viable, resilient human space economy.”

DHS Civil Monetary Penalty Adjustments for Inflation. Federal Register DHS direct final rule. Summary: “In this final rule, DHS adjusts for inflation its civil monetary penalties for 2024, in accordance with the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 and Executive Office of the President (EOP) Office of Management and Budget (OMB) guidance. DHS is also accounting for additional civil monetary penalties that the U.S. Coast Guard is statutorily authorized to collect. The new penalty amounts will be effective for penalties assessed after June 28, 2024 whose associated violations occurred after November 2, 2015.

House Passed Three Spending Bills – 6-28-24

This morning the House completed work on the three spending bills that it has been working on this week under  H Res 1316. All three spending bills passed with near party-line votes

HR 8774, DOD Spending

At the start of this morning’s session, the House took up the last three amendments for HR 8774, the DOD spending bills. They then considered a routine series of procedural moves before moving to the final vote on the bill. The House passed the bill by a vote of 217 to 198. Five Democrats voted with the Republicans and on Republican voted with the Democrats. Seventeen members did not vote.

HR 8752, DHS Spending

The House then took up HR 8752, the FY 2025 DHS spending bill. After a series of routine procedural moves, the House voted 212 to 203 to pass the bill. One Democrat and one Republican voted with the other side. Seventeen members did not vote.

HR 8771, State Dept Spending

The House then took up HR 8771, the FY 2025 State Department spending bill. Again, after a series of routine procedural moves the House voted 212 to 200 to pass the bill. Again, one Republican and one Democrat voted with the other side. Twenty members did not vote.

Moving Forward

The Senate will not consider the passed language for HR 8774 and HR 8771, they will instead take up language still to be crafted by the Senate Appropriations Committee as substitute language for these bills. In the unlikely event that one of these bills passes in the Senate (after being further amended) before the end of September, a conference committee will work out the differences between the House and Senate versions. What is more likely is that an omnibus (or series of minibus) spending bill(s) will be crafted behind closed doors by the respective leaders of the two spending committees. What is not clear yet is the timing of that/those bills; whether it will be in December of this year or March of next.

Transportation Chemical Incidents – Week of 5-25-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 523 (437 highway, 82 air, 4 rail, water 0)

• Serious incidents – 2 (2 Bulk release, 0 evacuation, 0 injury, 0 death,0 major artery closed, 0 fire/explosion).

• Largest container involved – 30,290-gal DOT 117R100W railcar {Diesel Fuel} UTLX 208792 had a slow drip of diesel from the bottom outlet valve cap, BOV not completely closed.

• Largest amount spilled – 275-gal Plastic IBC (Flammable Liquids, N.O.S.) 1 of 4 totes was ruptured due to load shift and had leaked to empty.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Toluidines Liquid – One or more of three isomers. Colorless to light yellow liquids. Slightly denser than water. Slightly soluble in water. Aromatic odors. Toxic by inhalation of vapors or dusts and by skin absorption. Toxic oxides of nitrogen are produced during combustion. Combustible – flashpoint 185°F. Used as chemical intermediate for manufacturing textile dyes, rubber chemicals, pharmaceuticals, and pesticides.

DOD Send 9 CMMC Model Guidance Documents to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received nine separate guidance documents for the DOD’s “Cybersecurity Maturity Model Certification (CMMC) Program”.  Those documents included:

Cybersecurity Maturity Model Certification (CMMC) Program,

CMMC Assessment Guide - Level 1,

CMMC Assessment Guide - Level 2,

CMMC Assessment Guide - Level 3,

CMMC Hashing Guide,

CMMC Model Overview,

CMMC Scoping Guide - Level 1,

CMMC Scoping Guide - Level 2,

CMMC Scoping Guide - Level 3

Guidance documents are not typically listed in the Unified Agenda, so there is no official abstract available for these publications. DOD has updated their CMMC website to provide an overview of the program revisions being proposed.

Short Takes – 6-27-24

NBC Weapons: Chemical Warfare in Ukraine. StrategyPage.com article. An interesting take on chemical warfare in Ukraine. Pull quote: “Chloropicrin is most effectively used as an enhancer for more dangerous gases in that it makes victims gasp for breath, and so leads them to inhale more of any really lethal war gases delivered soon afterwards. The element which makes Chloropicrin so effective is that it has a two-hour delayed effect so victims are rarely aware that they have been exposed to it. That makes later delivery of more lethal agents much more effective because victims are then unable to don gas masks. And the Chloropicrin is disabling by itself as well as lethal in strong concentrations. It might be cheaper than more lethal agents.”

Cooperative Research and Development Agreement: Payload Incorporated With Computer Vision and Machine Learning. Federal Register Coast Guard notice of intent. Summary: “The Coast Guard is announcing its intent to enter into a Cooperative Research and Development Agreement (CRADA) with AeroVironment, Inc. to evaluate payload(s) that can accelerate autonomy to fielded assets and uncrewed platforms, and automated overhead imagery analysis tool software. The Coast Guard is currently considering partnering with AeroVironment, Inc. to investigate their payload that seamlessly integrates with current AeroVironment UAS in use by the Coast Guard and solicits public comment on the possible participation of other parties in the proposed CRADA, and the nature of that participation. While the Coast Guard is currently considering partnering with AeroVironment, Inc., we are soliciting public comment on the possible nature of and participation of other parties in the proposed CRADA. In addition, the Coast Guard also invites other potential Federal participants, who have the interest and capability to bring similar contributions to this type of research, to consider submitting proposals for consideration in similar CRADAs.” Comment due date: July 26^th, 2024.

Why don’t we know how antidepressants work yet? ChemistryWorld.com article. Pull quote: “Ultimately, Hashemi is confident that scientists can solve the SSRI puzzle, citing the 80 years it took to work out how aspirin worked. ‘People have lost patience with the process with SSRIs,’ she says. ‘But that doesn’t mean the community is not working full time trying to understand how they work. We don’t have the technology that we need right now. But we will, it’s just a question of time.’”

Investigative Update Release Date 24 June 2024. NTSB.gov investigation update. Pull quote: “During the accident voyage, electrical breakers HR1 and LR1 unexpectedly opened when the vessel was three ship lengths from the Key Bridge, causing the first blackout (loss of electrical power) to all shipboard lighting and most equipment. While examining and testing the vessel’s electrical power distribution system and control circuitry, NTSB investigators (in coordination with vessel crew and parties to the investigation) noted an interruption in the control circuit for HR1’s undervoltage release.”

Studies find little to no immunity to H5N1 avian flu virus in Americans. CIDRAP.UMN.edu article. Pull quote: “Scientists challenged the blood samples with the H5N1 virus to gauge if there was an antibody reaction. They found that antibody levels were low in people who were or weren't vaccinated against seasonal flu, hinting at little to no pre-existing immunity and that most of the population would be susceptible if the virus changed to a form that more easily spreads among people.”

2024’s violent tornado season has been one of the most active on record − a meteorologist explains the weather behind the outbreaks. TheConversation.com article. Pull quote: “The expected decline in the number of tornadoes in the Plains is likely related to increasing heat over the high ground of the desert Southwest and Mexico. That heat flows over the Great Plains a few thousand feet above ground, creating a cap, or lid. The cap lets heat and moisture build up until it punches through to form a thunderstorm. This hot, moist air is why the central U.S. is home to the most violent tornadoes on Earth.One theory is that, with climate change, the cap will likely be harder to break through, reducing the number of tornadoes in the Plains. At the same time, increasing heat and moisture elsewhere will fuel more tornadoes in the East. Long-term trends and climate model predictions also suggest that more tornadoes are occurring during the cooler months, particularly in the Southeast. Tornadoes are also occurring on fewer days each year, but on the days when they do form, there is more likely to be an outbreak with several tornadoes.”

Agency Information Collection Activities; Submission for OMB Review; Comment Request; Personal Protective Equipment for General Industry. Federal Register OSHA 30-day ICR notice. Slight, unexplained reduction in burden estimate. Summary: “The Department of Labor (DOL) is submitting this Occupational Safety & Health Administration (OSHA)-sponsored information collection request (ICR) to the Office of Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995 (PRA). Public comments on the ICR are invited.” Comments due July 29^th, 2024.

House Continues Consideration of Spending Bills – 6-27-24

The House today continued consideration of spending bills under the provisions of H Res 1316. The House continued work on HR 8771, the FY 2025 State Department spending bill and began considering HR 8774, the FY 2025 DOD spending bill. The House did not complete action on either bill.

State Spending Bill

The House worked through amendment #75 today. This was the last amendment to be considered. All that remains at this point is a final vote on the bill. That is expected tomorrow.

DOD Spending Bill

The House worked through amendment #140 (out of 193 approved by the rule). They also approved five sets of en bloc amendments, each bloc approved by voice votes. The three amendments I briefly described as being of interest here in this morning’s post were all approved in separate en bloc amendments.

Moving Forward

The House still plans on completing work on all three bills tomorrow. It certainly looks like they should be able to get to final votes. The only thing that could delay final consideration is if the leadership is unsure whether they will have the votes to pass the bill, and with the current limited majority that is far from guaranteed. Rather than risk the embarrassment of any of the bills being rejected, the Speaker is likely to ‘postpone’ a final vote on one or more of the bills until further deals can be made.

Review – 7 Advisories Published – 6-27-24

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Johnson Control (4), Yokogawa, SDG Technologies and TELSAT.

Advisories

Johnson Controls Advisory #1 - This advisory describes a storing password in recoverable format vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Johnson Controls Advisory #2 - This advisory describes an insertion of sensitive information into a log file vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Johnson Controls Advisory #3 - This advisory describes a storing password in recoverable format vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Johnson Controls Advisory #4 - This advisory describes an improper input validation vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Yokogawa Advisory - This advisory describes two vulnerabilities in the Yokogawa FAST/TOOLS and CI Server products. The vulnerabilities are self-reported.

SDG Advisory - This advisory describes a missing authorization vulnerability in the SDG PnPSCADA web-based SCADA HMI.

TELSAT Advisory - This advisory describes four vulnerabilities (three with known exploits) in the TELSAT marKoni FM Transmitters.

 

For more information on these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-6-27-24 - subscription required.

Short Takes – 6-27-24 – Space Geek Edition

Historic Moon Mission Moves China Ahead in Space Race With U.S. WSJ.com article. Pull quote: “At the [April congressional] hearing, Nelson said China’s territorial claims offer a warning of how China might behave. During a visit to the White House in 2015, Chinese leader Xi Jinping pledged that China wouldn’t militarize the South China Sea. But it has since built airfields and missile silos on islands claimed by the Philippines and other nations, insisting it has exclusive rights over the region.”

NASA picks SpaceX to create a space station killer. CosmicLog.com article. Pull quote: “Neither NASA nor SpaceX has released a design concept for the U.S. Deorbit Vehicle. However, SpaceX has a wide array of spacecraft designs it could start with, including its Starship super-rocket (currently in testing) and its Dragon XL cargo vehicle (which NASA selected for supplying its future Gateway in lunar orbit). Who knows? It might even be a hopped-up version of the Dragon capsule that started delivering cargo to the ISS way back in 2012.”

NASA awards SpaceX contract for space station deorbit vehicle. SpaceNews.com article. Pull quote: “NASA, in its solicitation for the USDV, emphasized the importance of vehicle reliability. “It will be a new spacecraft design or modification to an existing spacecraft that must function on its first flight and have sufficient redundancy and anomaly recovery capability to continue the critical deorbit burn,” it said in a statement last fall when it released the request for proposals for the vehicle.”

Russian satellite breaks up in space, forces ISS astronauts to shelter. Reuters.com article. Pull quote: “In the roughly 88-minute window of RESURS-P1's initial break-up, the Plesetsk [Russian ASAT] launch site was one of many locations on Earth it passed over, but there was no immediate indication from airspace or maritime alerts that Russia had launched a missile to strike the satellite, space-tracker and Harvard astronomer Jonathan McDowell said.”

Two Killer Asteroids Are Flying by Earth, and You May Be Able to See One. NYTimes.com article. Pull quote: “However, two days later, the smaller space rock, named 2024 MK will get considerably nearer to humanity. On Saturday, at 9:46 a.m. Eastern time, it will zip by Earth at 75 percent of the distance to the moon. If you have a decent backyard telescope or perhaps even with some good binoculars, and your skies are cloud-free, you could see the 400- to 850-foot rock as a speck of light zipping across the starry sky ahead of the sun coming up.”

House to Consider HR 8774 – FY 2025 DOD Spending

The House is scheduled to begin consideration of HR 8774, the FY 2025 DOD spending bill, today. It will be considered under the same rule (H Res 1316) that was approved yesterday for the consideration of HR 8752 (DHS spending) and HR 8771 (State Dept spending). That rule provides for the consideration of 193 potential amendments, more than were allotted for the other two bills combined.

Those amendments include all three of the ones that I briefly mentioned on Monday. They are:

70. James (R,MI): Offsets $12 million from Defense-Wide Operations and Management for Defense-Wide RDTE, Cyber Security Research for establishing a Connected Vehicle Cybersecurity Center. (10 minutes)

158. Strong (R,AL), Sewell (AL): Increases Army RDT&E (H. Rept. 118-557: Line 16, Air and Missile Defense Technology, PE 0602150A) by $5,000,000 for Automated Software Weakness and Vulnerability Discovery for Binary Code. (10 minutes)

191. Wilson (R,SC), Kiggans (VA): Increases and decreases defense-wide RDT&E by $6,000,000 for Cyber Talent & Curriculum Development/ Platform & Critical Infrastructure Defense Cybersecurity Research. (10 minutes)

There are more relatively non-controversial amendments to be considered with the DOD bill; many increasing spending that would affect jobs in the sponsor’s district. I would expect to see more of these amendments being considered during en bloc considerations.

Interestingly, the DHS spending bill is not listed on today’s schedule for consideration. It could still finish up tomorrow morning before they complete work on the DOD spending bill.

Bills Introduced – 6-26-24

Yesterday with just the House in session, there were 20 bills introduced. One of those bills will receive additional coverage in this blog:

HR 8837 To require the Administrator of the National Aeronautics and Space Administration to develop celestial time standardization to support future operations and infrastructure on and around the Moon and other celestial bodies other than Earth, and for other purposes. McClellan, Jennifer L. [Rep.-D-VA-4]

No, this bill does not fall within the ‘normal’ scope of coverage of this blog, but it will be part of the expanding ‘Space Geek’ coverage that readers have been seeing in my ‘Short Takes’ posts.

Spending Bills Considered – 6-26-24

Today the House began consideration of three spending bills (HR 8774, DOD spending; HR 8752, DHS spending; and HR 8771, State Department spending) after approving the rule for that consideration (H Res 1316) by a straight party-line vote of 207 to 201 with 12 members from each party not voting.

The House started with the consideration of HR 8752, the FY 2025 DHS spending bill. After working through the first 39 amendments (and one en bloc amendment containing 28 individual amendments), the House postponed further consideration of the bill at about 4:45 pm EDT.

The House then began consideration of HR 8771, the State Department spending bill. After working through the first 45 amendments (and on en block amendment containing 32 individual amendments), the House postponed further consideration of the bill at about 8:15 pm EDT.

The House will probably resume consideration of these two bills tomorrow, with final votes before dinner. The House will then likely begin consideration of HR 8774, the FY 2025 DOD spending bill. The House is scheduled to hold their final vote of the week at about 3:00 pm on Friday.

FHWA Sends Vehicle Charging Infrastructure RFI to OMB

Yesterday the OMB’s Office of Information and Regulatory affairs announced that it had received a notice of request for information (RFI) from the DOT’s Federal Highway Administration (FHWA) on “Notice of Request for Information (RFI) on Medium and Heavy-Duty Electric Charging Technologies and Infrastructure Needs”. There is no entry in the Fall 2023 Unified Agenda for this RFI.

I expect that there will be a selection of questions on cybersecurity for charging systems in the RFI.

Bills Introduced – 6-25-24

Yesterday, with just the House in Washington and the Senate meeting in pro forma session, there were 33 bills introduced. Two of those bills may receive additional attention in this blog:

HR 8812 Water Resources Development Act of 2024 Graves, Sam [Rep.-R-MO-6] 

HR 8816 American Medical Innovation and Investment Act of 2024 Buchanan, Vern [Rep.-R-FL-16]

I will be watching both bills for the inclusion of definitions or language that would include cybersecurity requirements, or in the case of HR 8816, chemical safety or security issues.

Rule for Consideration of HR 8752 – FY 2025 DHS Spending

Last night, the House Rules Committee finished their consideration of three spending bills (HR 8774, DOD spending; HR 8752, DHS spending; and HR 8771, State Department spending). They crafted a single rule (H Res 1316) for the consideration of the three bills. This is a structured rule with limited debate and a limited number of amendments that can be considered on the floor.

For HR 8752, the rule provides for potential consideration of only 61 amendments (listed in H Rept 118-559, pgs 32-6) out of the 252 amendments that had been submitted to the Rules Committee. Neither of the two amendments that I had discussed as being of potential interest here were included in the 61. Specifically, Garbarino’s CFATS spending amendment was not included in the list to be considered. So there will be no provisions in this bill that will ‘save’ the CFATS program. 

As was done last year with HR 4367 (FY 2024 DHS spending), the Rule contains the following provision:

“31. Provides that the Clerk shall not transmit to the Senate a message that the House has passed H.R. 8752 until notified by the Speaker that H.R. 2, as passed by the House on May 11, 2023, has been enacted into law.”

HR 2 is the Republican signature border security bill. Since the Democratically controlled Senate is not going to consider HR 2, this means that there will be no mechanism for the Senate to consider HR 8752. As we saw last year, the Senate, in considering one of the other spending bills can just include language from their version of the DHS spending bill (not yet crafted) as part of the substitute language for that other spending bill. And besides that, we are almost certainly going to see some sort of omnibus or minibus spending bill later this year or next instead of passing 12 spending bills, so this provision is grandstanding on the part of the House leadership.

The House will take up H Res 1316 today. While that resolution lists the three spending bills in DOD, State, and DHS order, that does not mean that that will be the order in which the bills are considered. It is even possible (it was done last year) that they could consider some of the amendments in each bill and then come back and finish up each bill later. The only thing we know about the plan at this point is that the House Leadership plans to finish up votes by 3:00 pm (EDT) on Friday.

Short Takes – 6-25-24

UN Security Council to debate cybersecurity threats, despite Russian veto. TheRecord.media article. Pull quote: “The resolution was put forward following what will be the panel of experts’ final report in March. The report said the panel was investigating 58 cryptocurrency heists that took place over the six years between 2017 and 2023, believed to have brought in roughly $3 billion for Pyongyang. The panel also said it was investigating suspected arms transfers from North Korea to Russia.”

Why American tech companies need to help build AI weaponry. WashingtonPost.com commentary. Pull quote: “We do not advocate a thin and shallow patriotism — a substitute for thought and genuine reflection about the merits of our nation as well as its flaws. We only want America’s technology industry to keep in mind an important question — which is not whether a new generation of autonomous weapons incorporating AI will be built. It is who will build them and for what purpose.”

FBI and HHS release joint cybersecurity advisory on social engineering threats affecting healthcare sector. IndustrialCyber.co article. Pull quote: “In some observed instances, the threat actor contacted an organization’s IT Help Desk, impersonating an employee, to initiate a password reset for a specific organizational account. In another scenario, hackers created a phishing domain that differed by just one character from the legitimate organizational domain, specifically targeting the organization’s Chief Financial Officer (CFO).”

‘Unconscionable’: East Palestine investigator accuses Norfolk Southern of trying to undermine derailment probe. Politico.com article. Pull quote: “Homendy’s accusations aside, the NTSB on Tuesday also recommended significant changes to the railroad industry’s ability to self-regulate certain aspects of the industry’s operations in favor of stronger federal safety regulations.”

WHO ignites calls for urgent action on a dangerous mpox strain. TheHill.com article. Pull quote: “In a separate briefing, John Claude Udahemuka of the University of Rwanda said the strain spreading in Congo’s difficult-to-reach South Kivu province is a mutated version of the virus that’s been in the country for decades, and he said it was extremely dangerous.”

Dengue fever surging in all 50 states. These are symptoms you should watch for. TheHill.com article. Pull quote: “In the United States, the numbers have been far more modest — about 3,000 cases last year in U.S. states and territories. But it was the worst in a decade, and included more infections that occurred locally, courtesy of native mosquitoes. Most were in Puerto Rico, but about 180 were in three U.S. states — Florida, Texas and California.”

99 SpaceX Raptor Engines Before New Mass Production of Thousands. NextBigFuture.com article. Pull quote: “Elon talked about eventually getting the SpaceX engines to 330-335 tons of thrust per engine. This will mean 33 SpaceX raptor engines will give Starship triple the thrust of the Saturn V. In expendable mode, the Starship will be able to deliver 400-500 tons to orbit.”

Review - Committee Hearings – Week of 6-23-24

With just the House in session this week (the Senate is out for their 2-week 4^th of July holiday, the House joins them next week), there is a moderately busy hearing week. More FY 2025 spending bills will be marked-up. Of specific interest here, there will be a cyber workforce hearing and a critical infrastructure resilience hearing.

Spending Bills

Subcommittees of the House Appropriations Committee will be holding hearings this week, marking up their respective spending bills.

Spending Bill	House Hearings
CJS	Subcommittee
LHH	Subcommittee
THUD	Subcommittee
IER	Subcommittee
EWR	Subcommittee

Other Hearings

Cyber Workforce Hearing - On Wednesday the House Homeland Security Committee will be holding a hearing on “Finding 500,000: Addressing America’s Cyber Workforce Gap”.

Critical Infrastructure Resilience - On Thursday, the Subcommittee on Cybersecurity and Infrastructure Protection of the House Homeland Security Committee will hold a hearing on “Sector Down: Ensuring Critical Infrastructure Resilience”.

Spending Bills on the Floor

As I write this post, the House Rules Committee is in recess on their hearing to formulate a rule for the consideration of three spending bills this week; HR 8752, DHS spending; HR 8774, DOD spending; and HR 8771, State Department. The House plans on completing all four bills before 3:00 pm on Friday.

 

For more information on these hearings, including witness lists, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-6-23-24 - subscription required.

Review – 2 Advisories Published – 6-25-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from PTC and ABB.

Advisories

PTC Advisory - This advisory describes a missing authentication vulnerability in the PTC Creo Elements Direct License Server.

ABB Advisory - This advisory describes an improper input validation vulnerability in the ABB 800xA Base services in PC based client/server nodes.

 

For more information on these advisories, including another Otorio reported vulnerability in the ABB product, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-6-25-24 - subscription required.

Short Takes – 6-25-24 – Space Geek Edition

China’s Chang’e-6 Probe Drops Off Samples From Moon’s Far Side. UniverseToday.com article. Pull quote: “The samples are expected to include volcanic rock and other materials that could shed fresh light on the moon’s origins and compositional differences between the near side and the far side. Scientists may also learn more about resources in the moon’s south polar region. That region is of high interest because it’s thought to harbor deposits of water ice that could be used to support future lunar settlements.”

Europe aims to end space access crisis with Ariane 6’s inaugural launch. SpaceNews.com interview. Pull quote: “Tolker-Nielsen: We have done everything that can be done on the ground to ensure that this inaugural flight is a success. I’m quite excited and 98% confident! Things look good at this point. The launcher is fully qualified on the ground. We feel reasonably confident about launching on July 9 as we solve minor problems on a daily basis. On this demonstration flight, we have thousands of sensors on the rocket to measure the performances and validate our models. Then, we’ll need five months until the second flight to analyze all the flight data.”

Jeff Bezos' Blue Origin could soon launch Nigeria's 1st-ever space tourist. Space.com article. Pull quote: “The Space Exploration and Research Agency (SERA), a U.S. for-profit company, has guaranteed that one of the six seats for an upcoming flight of Blue Origin's New Shepard suborbital vehicle will go to a Nigerian, Semafor reports.”

NASA calls off spacewalk at last minute as astronaut suit malfunctions. CNN.com article. Pull quote: ““There’s still water shooting out,” Dyson said at one point. “We can assume that water got into that connector, electrical connector.””

ISRO nails autonomous landing experiment of Reusable Launch Vehicle, big boost for orbital re-entry missions. BusinessToday.com article. Pull quote: ““Pushpak executed a precise horizontal landing, showcasing advanced autonomous capabilities under challenging conditions. With the objectives of RLV LEX accomplished, ISRO embarks into RLV-ORV, the orbital reusable vehicle,” ISRO said in a post on X (formally Twitter).”

Review - CSB Updates Status of 5 Recommendations – 6-19-24

In addition to adding seven new recommendations yesterday, last week the Chemical Safety Board updated the status of five recommendations, closing all five recommendations. The closed recommendations were:

2021-01-I-TN-R3 - Wacker Polysilicon,

2021-01-I-TN-R4 - Wacker Polysilicon,

2021-01-I-TN-R5 - Wacker Polysilicon,

2021-05-I-TX-R3 - Turn2 Specialty Companies, and

2011-06-I-HI-R8 - National Fire Protection Association (NFPA)

According to the CSB’s Recommendation Status Updates page the Board has issued 997 recommendations over the years with 843 of those recommendations having been closed as of June 19^th. This leaves 154 recommendations currently open.

For more information on the closed recommendations, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updates-status-of-5-recommendations - subscription required.

Review - CSB Publishes BP-Husky Refinery Investigation Report

Yesterday, the Chemical Safety Board (CSB) announced that it had published a final report for their investigation of a fatal fire at the BP-Husky Toledo Refinery (“BP Toledo Refinery”) in Oregon, OH, on September 20, 2022. This was the Board’s first new investigation after it began focused work on closing out their backlog of investigations. The announcement describes the incident:

“During an emergency situation at the refinery, liquid naphtha was released from a pressurized vessel, which resulted in a vapor cloud that subsequently ignited, causing a flash fire, which fatally injured the two BP employees. The events on September 20, 2022 resulted in approximately $597 million in property damage at the refinery, including loss of use. Over 23,000 pounds of naphtha were released during the incident.”

The report describes four critical safety issues that contributed to the severity of the incident. The Board made a total of seven safety recommendations as a result of their investigation.

Yesterday’s publication of this report leaves just three incidents listed on the CSB’s Current Investigations page:

Martinez Renewable Fuels Fire,

Dow Louisiana Operations Explosions, and

Honeywell Geismar Chlorine and Hydrogen Fluoride Release

There have been two other investigations announced this year (here and here) but they have not yet been added to the Current Investigations list.

 

For more details about the critical safety issues and recommendations outlined in the report, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-publishes-bp-husky-refinery-investigation - subscription required.

EPA Sends Carbon Tetrachloride TSCA Final Rule to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the EPA on “Carbon Tetrachloride (CTC); Regulation under the Toxic Substances Control Act (TSCA)”. The notice of proposed rulemaking on this action was published on July 28^th, 2023.

According to the abstract for this rulemaking in the Fall 2023 Unified agenda:

“EPA determined that CTC presents an unreasonable risk of injury to health due to cancer from chronic inhalation and dermal exposures and liver toxicity from chronic inhalation, chronic dermal, and acute dermal exposures in the workplace. To address the identified unreasonable risk under TSCA, EPA proposed to establish workplace safety requirements for most conditions of use, including the condition of use related to the making of low Global Warming Potential (GWP) hydrofluoroolefins (HFOs), prohibit the manufacture (including import), processing, distribution in commerce, and industrial/commercial use of CTC for conditions of use where information indicates use of CTC has already been phased out, and establish recordkeeping and downstream notification requirements. The use of CTC in low GWP HFOs is particularly important in the Agency’s efforts to support the American Innovation and Manufacturing Act of 2020 (AIM Act) and the Kigali Amendment to the Montreal Protocol on Substances that Deplete the Ozone Layer, which was ratified on October 26, 2022. The Agency’s development of this rule incorporates significant stakeholder outreach and public participation. EPA engaged in discussions with industry, non-governmental organizations, other government agencies, technical experts and users of CTC, and the general public to hear from users, academics, manufacturers, and members of the public health community about practices related to commercial uses of CTC; public health impacts of CTC; the importance of CTC in the various uses subject to this proposed rule; frequently-used substitute chemicals or alternative methods or lack thereof; engineering controls, administrative controls, and personal protective equipment currently in use or feasibly adoptable; and other risk-reduction approaches that may have already been adopted or considered for industrial and commercial uses. EPA conducted Federalism, Tribal, and Environmental Justice consultations and a Small Businesses Advocacy Review Panel.  EPA's risk evaluation for CTC, describing CTC’s conditions of use, is in docket EPA-HQ-OPPT-2019-0499 [link added], with the December 2022 unreasonable risk determination and additional information in docket EPA-HQ-OPPT-2016-0733 [link added].”

 

Short Takes – 6-24-24

Norfolk Southern said ahead of the NTSB hearing that railroads will examine vent and burn decisions. APNews.com article. Pull quote: “Days before the National Transportation Safety Board is set to explain why first responders were wrong to blow open five tank cars and burn the toxic chemical inside after the East Palestine derailment, Norfolk Southern said Friday it plans to lead an industrywide effort to improve the way those decisions are made.”

House set to dive into spending bills. TheHill.com article. Pull quote: “The trio of bills all advanced out of the appropriations committee despite opposition from Democrats, meaning they are all but certain to languish in the Democratic-controlled Senate. Top House Republicans, however, are still moving forward with the votes, hoping the cleared legislation will put them on stronger footing during negotiations with the Senate down the road.”

NASA again postpones return of Boeing Starliner crew from space. TheHill.com article. Pull quote: “For now, it is unclear exactly when flight commander Butch Wilmore and pilot Suni Williams will make their return from space. The agency did indicate that they are evaluating dates after the station’s two planned space walks on June 24 and July 2.”

U.S. is 'flying blind' with bird flu, repeating mistakes of COVID, health experts say. NPR.org article. Pull quote: “As the outbreak grows — with at least 114 herds infected in 12 states as of June 18 — researchers said the CDC and FDA are not moving fast enough to remove barriers that block clinical labs from testing. In one case, the diagnostics company Neelyx Labs was on hold with a query for more than a month.”

Luna to force vote on obscure maneuver forcing sergeant-at-arms to detain Garland. TheHill.com article. Pull quote: “House rules state that “the recalcitrant witness may be arrested and brought to trial before the bar of the House, with the offender facing possible incarceration,” but do not go into additional detail. A 2019 Congressional Research Service report described inherent contempt as a potentially powerful threat, but also a “cumbersome, inefficient” tool.”

Keep Mosquitoes Away with These Tried-and-True Repellents. ScientificAmerican.com article. Pull quote: “PMD is a strong DEET alternative, Fonseca says, especially for people who are seeking a naturally occurring chemical or put off by DEET’s strong odor and greasy texture. PMD is found in eucalyptus plants and, combined with water and a small amount of ethanol, is sometimes sold under the name “oil of lemon eucalyptus.” Icaridin is another synthetic option, Fonseca adds, noting that the latter is often sold in lower concentrations than DEET and PMD and therefore must be applied more often.”

Review - HR 8774 Reported in House – FY 2025 DOD Spending

Last week the House Appropriations Committee published their report for HR 8774, the Department of Defense Appropriations Act, 2025 and the reported version of the text of the bill. There are limited mentions of cybersecurity in the bill (none of interest here) and no mentions of chemical issues beyond continued spending for the destruction of chemical munitions. There are discussions of both topics in the Report.

The House Rules Committee is scheduled to meet on Tuesday to formulate the rule for the consideration of three spending bills, including HR 8774. There have been 401 amendments submitted to the Rules Committee to date for consideration in the debate on the DHS spending bill; three cybersecurity amendments of possible interest here. The bill is scheduled to be considered by the Full House this coming week.

Moving Forward

This is another partisan spending bill that will receive little or no support from Democrats. The Republicans will have to pass the rule for the consideration of this bill in the House Rules Committee and then maintain party discipline on the floor for the legislation to pass.

As with all spending bills, the language of this bill will never make it in the Senate. Even when the two bodies are ideologically closer, the Senate will consider their own version of the bill (not yet crafted by the Senate Appropriations Committee) as substitute language for HR 8774. Theoretically, a conference committee will work out the differences between the two versions of the bill. What is more likely is that in the last week of September, a continuing resolution will keep the current spending levels for sometime into the future. The big question is how far into the future, and who will write the final bill, it could be next year with a Republican Congress and a Trump Administration. If the Democrats win in November, it will be a lame duck congress that writes the bill in December.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8774-reported - subscription required.

Review - PHMSA Publishes Train Consist Final Rule

Today, DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA) published a final rule in the Federal Register (89 FR 52956-52994) on “Hazardous Materials: FAST Act Requirements for Real-Time Train Consist Information”. This final rule implement the requirements of §7302(a)(1) of the Fixing America's Surface Transportation Act (49 USC 20103 Note) to require that Class I railroads provide a real-time train consist information to emergency response personnel that “are involved in the response to, or investigation of, an accident, incident, or public health or safety emergency involving the rail transportation of hazardous materials”. The notice of proposed rulemaking for this action was published [removed from paywall] on June 27^th, 2023.

This rulemaking addresses three major issues:

Definition of “Train Consist Information”,

Notice to Train Crews, and

Emergency Response Information Sharing Requirements.

Compliance Dates

The effective date for this rule is July 24^th, 2024.

The voluntary compliance date for this rule is June 24^th, 2024.

The compliance date for Class I Railroads is June 24^th, 2025.

The compliance date for Class II and Class III Railroads is June 24^th, 2026.

 

For more details about the provisions of the final rule, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/phmsa-publishes-train-consist-final - subscription required.

DOC Sends ICTS Supply Chain Final Rule to OMB

On Friday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the Department of Commerce on “Securing the Information and Communications Technology and Services Supply Chain”. The notice of proposed rulemaking for this rule was published on November 27^th, 2019. An interim final rule was published on January 19^th, 2021.

According to the abstract for this rulemaking in the Fall 2023 Unified Agenda:

“Pursuant to Executive Order 13873 of May 15, 2019, "Securing the Information and Communications Technology and Services Supply Chain,” (Executive Order) the Department of Commerce (the Department) is implementing the process and procedures that the Secretary of Commerce (Secretary) will use to identify, assess, and address transactions that pose an undue risk to the security, integrity, and reliability of information and communications technology and services provided and used in the United States.”

 

Short Takes – 6-22-24

‘Lasagna-like’ layered structure could triple productivity of water splitting to make hydrogen. ChemistryWorld.com article. Pull quote: “The authors agree. ‘The issues with critical raw materials are crucial, [we] clearly need to improve sourcing and recycling of the materials in any new technologies,’ explains López. The team will now study several substitutes, including nickel, manganese and other metals, assessing the possibilities of delamination beyond cobalt–tungsten oxide. King adds that this lasagna design could be applied to solve other pressing environmental problems with electrocatalysis, such as turning carbon dioxide into fuels or fixing nitrogen-fixing to make fertiliser production much less energy intensive.”

Final Determination: Case No. ICTS-2021-002, Kaspersky Lab, Inc. Federal Register BIS notice. Determination: “he Department finds that Kaspersky's provision of cybersecurity and anti-virus software to U.S. persons, including through third-party entities that integrate Kaspersky cybersecurity or anti-virus software into commercial hardware or software, poses undue and unacceptable risks to U.S. national security and to the security and safety of U.S. persons. Consistent with 15 CFR 7.109(a), the Secretary now issues this Final Determination, which sets forth the Department's decision, based on the risks presented in the Initial Determination and the subsequent responses and mitigation proposals from Kaspersky, as further detailed below.”

Ukraine says its drones struck four Russian oil refineries in major attack. Reuters.com article. Pull quote: “Drone storage and launch sites, command and control centres in Russia's Krasnodar region were also struck, it said, adding they had confirmed explosions and fires at these facilities.”

The New B-52J Bomber Could Become a 'Flying Aircraft Carrier'. NationalInterest.org article. Aircraft older than I am. Pull quote: “The updated bomber will serve multiple roles, from traditional bombing to launching hypersonic weapons, potentially acting as a mothership for drone swarms, ensuring the U.S. maintains its competitive edge.”

Northrop Grumman delivers Arctic broadband satellites ahead of scheduled July launch. SpaceNews.com article.  Pull quote: “In a unique collaboration, each ASBM satellite hosts payloads from multiple entities:  The U.S. military’s Enhanced Polar System-Recapitalization (EPS-R) payload for secure communications; an X-band payload for the Norwegian Armed Forces; a Ka-Band payload for commercial satellite operator Viasat, and a Norwegian Radiation Monitor payload”

Trump campaign seeks to head off convention revolt from its right flank. WashingtonPost.com article (free). Pull quote: “The exact purpose of the maneuver was not clear — and left some delegates puzzled and alarmed. People familiar with the meeting, who spoke on the condition of anonymity to discuss private conversations, said perhaps the intent was to block an undesirable running mate. Most of the dozen GOP officials or activists interviewed by The Post even ventured that the aim may have been to substitute former national security adviser Michael Flynn for Trump if the former president is sentenced to prison time. Among some on the far right, suspicions have intensified that the former president has surrounded himself with too many advisers beholden to the “deep state.””

Review - HR 8572 Reported in House – FY 2025 DHS Spending Bill

Last week, the House Appropriations Committee published their report for HR 8572, the Department of Homeland Security Appropriations Act, 2025 and the text of the reported version of the bill. There is on specific cybersecurity language or chemical security language in the bill. The report contains discussions about both, but no mention of the Chemical Facility Anti-Terrorism Standards (CFATS) program.

The House Rules Committee is scheduled to meet on Tuesday to formulate the rule for the consideration of three spending bills, including HR 8572. There have been 232 amendments submitted to the Rules Committee to date for consideration in the debate on the DHS spending bill; two of possible interest here. One is a CFATS amendment that does not extend the program. The second is a cybersecurity amendment to increase funding for research on preventing cyberattacks. The bill is scheduled to be considered by the Full House this coming week.

Spending Bill Items of Interest

As I noted above, there is no language related to chemical security or cybersecurity in the bill itself. I have extracted some of the spending numbers that may be of interest here, along with comparisons to the version of the FY 2024 spending bill reported in the House last year. This allows for a look at how the Appropriations Committee has changed their DHS outlook over time.

Moving Forward

It is clear from the ‘Minority Views’ portion (pgs 173-5) of the Committee Report that HR 8752 as written and reported is a very partisan bill. If it passes it will be by a narrow, nearly party-line vote. Thus, it will have to be considered under a rule to be crafted by the Rules Committee, what is not yet clear is if it is partisan enough to get at least two of the three radical Republican votes in that Committee and avoids Republican votes against the rule on Wednesday.

 

For more details about chemical security and cybersecurity discussions in the Report, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8572-reported-in-house - subscription required.

Chemical Incident Reporting – Week of 6-15-24

NOTE: See here for series background.

Town and Country, MO – 6-12-24

Local news reports: Here, and here.

Mercury leaking from a package shut down local postal facility. No injuries reported, no damages reported. There is some interesting political fallout because of expected 7 to 10 day closure of the facility for spill remediation.

Not CSB reportable.

Louisville, KY – 6-13-24

Local news reports: Here, here, and here.

Piping failure resulted in 107-gal leak of sodium bisulfite at chemical manufacturing facility. Plant evacuated. No injuries or damage reported.

Not CSB reportable.

Portaland, OR – 6-18-24

Local news reports: Here, here, and here.

Trailer carrying 120 5-gal propane tanks caught fire on I-5 freeway. No injuries were reported. Trailer and propane tanks were destroyed. Driver left the scene before authorities arrived on scene.

Not CSB reportable – Should be on Week 6-14-24 transportation incident report.

FOND DU LAC, WI – 6-18-24

Local news reports: Here, here, here, and here.

Anhydrous ammonia leak in the compressor room at a milk processing facility. One employee taken to hospital. No report of damages.

Possible CSB reportable if employee was admitted to hospital.

Review – Public ICS Disclosures – Week of 6-15-24

This week we have four vendor disclosures from HP and Moxa (3). There are 31 vendor updates from ABB, Broadcom, and HPE (29).

Advisories

HP Advisory - HP published an advisory that discusses three vulnerabilities in multiple notebook PCs.

Moxa Advisory #1 - Moxa published an advisory that discusses four vulnerabilities (three with known exploits) in their SDS-3008 Series products.

Moxa Advisory #2 - Moxa published an advisory that discusses the Terrapin-Attack vulnerability in their UC series IPC products.

Moxa Advisory #3 - Moxa published an advisory that describes four vulnerabilities in their OnCell G3470A-LTE Series products.

Updates

ABB Update - ABB published an update for their 800xA Base advisory that was originally published on June 5^th, 2024.

Broadcom Update - Broadcom published an update for their EDK II Reference advisory that was originally published on December 26^th, 2020.

HPE Update #1 - HPE continued to convert 27 Aruba updates to the HPE format.

HPE Update #2 - HPE published an update for their Compute Scale-up Server 3200 server advisory that was originally published on April 15^th, 2024.

HPE Update #3 - HPE published an update for their Superdome Flex advisory that was originally published on January 26^th, 2024 and most recently updated on April 19^th, 2024.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-ac0 - subscription required.