Sunday, June 29, 2025

Review – Public ICS Disclosures – Week of 6-21-25 – Part 2

For Part 2 we have six additional vendor disclosures from MB Connect, Splunk (4), and Westermo. There are four vendor updates from Hitachi Energy, MB Connect, and Palo Alto Networks (2). Finally, we have two exploits for vulnerabilities in products from Faydam and PX4.

Advisories

MB Connect Advisory - MB Connect published an advisory that describes a missing authentication for critical function vulnerability in their mymbCONNECT24 product.

Splunk Advisory #1 - Splunk published an advisory that discusses seven vulnerabilities in their AppDynamics Smart Agent.

Splunk Advisory #2 - Splunk published an advisory that discusses three vulnerabilities {one on CISA’s Known Exploited Vulnerabilities (KEV) catalog} in their Operator for Kubernetes.

Splunk Advisory #3 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their UniversalForwarder Docker product.

Splunk Advisory #4 - Splunk published an advisory that discusses three vulnerabilities (one with publicly available exploit) in their Splunk Docker product.

Westermo Advisory - Westermo published an advisory that discusses the Misfortune Cookies vulnerabilities in their EDW-100 and EDW-120 serial to Ethernet converters.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their Intel Chipset Software advisory that was originally published on February 25th, 2025.

MB Connect Update - MB Connect published an update for their mymbCONNECT24 advisory that was originally published on December 19th, 2024, and most recently updated on May 22nd, 2025.

Palo Alto Networks Update #1 - PAN published an update for their GlobalProtect advisory that was originally published on June 11th, 2025.

Palo Alto Networks Update #2 - PAN published an update for their Command Injection Vulnerability advisory that was originally published on June 11th, 2025.

Exploits

Faydam Exploit - Serhat Aydın published an exploit for an SQL injection vulnerability in the Faydam Datalogger.

PX4 Exploit - Mohammed Idrees Banyamer published an exploit for a stack-based buffer overflow vulnerability in the PX4 open-source drone autopilot.

Saturday, June 28, 2025

Short Takes – 6-28-25

Department of Defense Implementation of the National Environmental Policy Act. Federal Register DOD public notice. Summary: “The Army, Navy and Air Force are rescinding their NEPA implementing regulations in separate interim final rules. The Department will make the Department of Defense National Environmental Policy Act Implementing Procedures (DoD NEPA Procedures) available on the website listed in the SUPPLEMENTARY INFORMATION section of this notice on June 30, 2025.”

Trump just sent a 'dire warning' to the rest of the world: experts. NewsBreak.com article. Pull quote: “Trump initially signaled that he had a two-week timeline in which he would decide whether to approve an attack on Iran. However, some experts say that his decision to strike some of the country's nuclear facilities has reinforced the notion that American leadership is extremely temperamental and unpredictable, which could force other countries to rethink their relationship with the country.”

'She is the only person in the world compatible with herself' — scientists discover new blood type but it's unique to just one person from Guadeloupe. LiveScience.com article. Pull quote: “Together, the combinations of the ABO and Rh systems give us the eight main blood groups — but there are dozens of lesser known blood group systems, 45 of which were recognized by the International Society of Blood Transfusion (ISBT) as of 2024. Now, Gwada negative has been recognized as number 48.”

Trump cuts off US trade talks with Canada, shattering optimism over tariff deals. Reuters.com article. Pull quote: “Speaking to reporters at the White House, Trump said that the negotiations with Canada would not resume "until they straighten out their act," adding that the U.S. holds "such power over Canada."”

Flu Shot in Pregnancy Tied to Fewer Infections in Young Infants. MedPageToday.com article. Pull quote: “Four randomized trials have shown that flu vaccination during pregnancy -- especially in the second half -- reduces the risk of influenza infection in infants by 30-63% during their first 6 months, and a pooled analysis of three of these trials reported a vaccine efficacy of 35% against laboratory-confirmed infection, the researchers noted.”

 

Mexico threatens lawsuit against SpaceX over Starship explosion 'contamination'. SpaceNews.com article. Pull quote: “But Sheinbaum contests that claim. In a press conference held on Wednesday (June 25), the Mexican president said there is a "general review underway of the international laws that are being violated" due to the fact that "there is contamination" stemming from Starship's explosion, according to Yucatan Magazine. The Guardian reports that Sheinbaum added that her government is looking to file "the necessary lawsuits" over the alleged contamination.”

Chemical Incident Reporting – Week of 6-21-25

NOTE: See here for series background.

SUFFIELD, CT– 6-23-25

Local News Report: Here, here, and here.

There was an exterior leak in an industrial cooling system at a dairy. The system shut down as designed. There were no reports of injuries or damages.

Not CSB reportable.

Review - HR 4121 Introduced – FY 2026 ARD Spending

Earlier this week Rep Harris (R,MD) introduced HR 4121, the Agriculture, Rural Development, Food and Drug Administration, and Related Agencies (ARD) Appropriations Act, 2026. The House Appropriations Committee also published their Report on the bill. There is one cybersecurity spending mention in the bill and three minor cybersecurity discussions in the Report. There are two industrial chemical safety discussions in the Report.

Moving Forward

With the House out this week for their 4th of July holiday, there will be no action taken on this bill until sometime in July (or maybe September; August is still scheduled to be a congressional holiday). It remains to be seen which spending bills will make it to the floor and which will be passed. The Congress will receive some pressure from the Administration to move spending bills under regular order, but Republican control of the House and Senate remains more myth than proven reality.

This bill passed in the House Appropriations Committee by a party-line vote of 35 to 27 (pg 9). This may not be enough to ensure that the bill passes in the House (it may depend on attendance on the day of the vote), but it certainly indicates that the bill as crafted would not pass in the Senate, where at least seven Democrats would have to vote for it to reach the 60 votes needed. The Senate will not take up this version of the bill in any case, but that body will have an even harder time this year crafting a spending bill that will pass, given the intra-party divisions in that body. Any bill there that is designed to get enough Democrats to reach 60 votes will lose Republican votes.


For more details about the cybersecurity and chemical safety provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4121-introduced-fy-2026-ard-spending - subscription required.


Review – Public ICS Disclosures – Week of 6-21-25 – Part 1

This is a moderately busy disclosure week. For Part 1 we have 12 vendor disclosures from Elecom, FortiGuard, GE Vernova, Helmholz (2), Hitachi Energy (4), HP, Lenze, and Siemens.

Advisories

Elecom Advisory - JP-CERT published an advisory that describes five vulnerabilities in multiple Elecom wireless LAN routers.

FortiGuard Advisory - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in multiple FortiGuard products.

GE Vernova Advisory - GE published an advisory that discusses an authentication bypass using an alternate path or channel vulnerability in their Control Server OTArmor.

Helmholz Advisory #1 - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in the Helmholz myREX-24 products.

Helmholz Advisory #2 - CERT-VDE published an advisory that describes two vulnerabilities in the myREX-24 products.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes an allocation of resources without limits or throttling vulnerability in their Relion 670/650 and SAM600-IO series products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes five vulnerabilities in their MicroSCADA X SYS600 product.

Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that discusses a cross-site scripting vulnerability (with publicly available exploit) in their MSM product.

Hitachi Energy Advisory #4 - Hitachi Energy published an advisory that describes an improper check for unusual or exceptional conditions vulnerability in their Relion 670/650 and SAM600-IO series products.

HP Advisory - HP published an advisory that discusses an out-of-bounds write vulnerability in their Poly Trio & CCX Devices.

Lenze Advisory - CERT-VDE published an advisory that describes a clear-text storage of sensitive information vulnerability in the Lenze PLC Designer V4.

Siemens Advisory - Siemens published an advisory that describes a problem (not a vulnerability) with how their SIMATIC PCS 7 and SIMATIC PCS neo products interact with Microsoft Defender Antivirus.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-85b - subscription required.

Friday, June 27, 2025

Short Takes – 6-27-25

China’s Shenzhou-20 astronauts complete second spacewalk to enhance Tiangong space station. SpaceNews.com article. Pull quote: “On June 17, China conducted a pad abort test for its new-generation Mengzhou spacecraft. The low Earth orbit variant of Mengzhou will be able to carry 6-7 astronauts to Tiangong, launching on a new Long March 10A rocket currently in development. While the space station currently hosts crews of three for six-month-long rotations, China is planning to expand the three-module orbital outpost with further modules in the coming years.”

We’re learning more about what weight-loss drugs do to the body. TechnologyReview.com article. Pull quote: “There are other concerns. Weight-loss drugs can help people trim down on fat, but lean muscle can make up around 10% of the body weight lost by people taking them. That muscle is important, especially as we get older. Muscle loss can affect strength and mobility, and it also can also leave people more vulnerable to falls, which are the second leading cause of unintentional injury deaths worldwide, according to the World Health Organization.”

An exceedingly rare asteroid flyby will happen soon, but NASA may be left on the sidelines. ArsTechnica.com article. Pull quote: “Other choices, including dragging dual space probes out of storage, the Janus spacecraft, and other concepts that were submitted to NASA a year ago as part of a call for ideas, have already been rejected or simply left on the table. As a result, NASA currently has no plans to study what will be the most important asteroid encounter since the formation of the space agency.”

Trump’s latest rejection of intelligence assessments reflects a long distrust of spy agencies. WSAV.com article. Pull quote: “Given Trump’s skeptical view of intelligence officials, Pfeiffer said, “his initial instinct is to assume that if the intelligence community is telling him something different than he would like it to be, that it’s because they’re trying to undermine him.””

Review - Bills Introduced – 6-26-25

Yesterday, with both the House and Senate in session (and their upcoming 4th of July break in question), there were 98 bills introduced. One of those bills will receive additional coverage in this blog:

HR 4213 Department of Homeland Security Appropriations Act, 2026. Amodei, Mark E. [Rep.-R-NV-2]

 

For more information on these bills, including legislative history for similar bills in the 118th, including a brief look at a Space Geek resolution, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-6-26-25 - subscription required.


Transportation Chemical Incidents – Week of 5-24-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 520 (488 highway, 31 air, 1 rail, 0 water)

• Serious incidents – 3 (3 Bulk release, 2 evacuation, 0 injury, 0 death, 1 major artery closed, 0 fire/explosion, 26 no release)

• Largest container involved – 9,500-gal Tank wagon {Diesel Fuel} Overfilled.

• Largest amount spilled – 215-gal Plastic IBC {Ethyl Alcohol} Packaging failure.

• Total amount reported spilled in all incidents – 1533.9 gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Resorcinol - Very white crystalline solid that becomes pink on exposure to light if not completely pure. Burns although ignition is difficult. Density approximately 1.28 g / cm3. Irritating to skin and eyes. Toxic by skin absorption. Used to make plastics and pharmaceuticals. Has a potentially explosive reaction with concentrated nitric acid [Lewis]. (Source: CameoChemicals.NOAA.gov).

 



OMB Approved 14 NEPA Related Rulemakings

Yesterday the OMB’s Office of Information and Regulatory Affairs announced that they had approved 14 separate regulatory actions (interim final rules, final rules, and notices) related to the implementation of the National Environmental Policy Act as revised by EO 14154.

• DOC/EDA – Final Rule - Amendment to Environment Regulation,

• DOC/NOAA – Notice - NOAA NEPA Procedures,

• DOC/NTIA – Notice - FirstNet Authority NEPA Procedures,

• DOC/NTIA – Notice - NTIA NEPA Procedures,

• DOC/EDA – Notice - EDA NEPA Procedures,

• DOC/NIST – Notice - NIST NEPA Procedures,

• DOE/OGC – Interim Final Rule - National Environmental Policy Act Implementing Procedures,

• DOT/FHWA - Interim Final Rule - Categorical Exclusions and Environmental Procedure,

• DOD/COE - Interim Final Rule - Procedures for Implementing the National Environmental Policy Act for Regulatory Program,

• FERC – Final Rule - National Environmental Policy Act Implementing Procedures,

• DOD/AF – Interim Final Rule - National Environmental Policy Act Implementing Procedures; Proposed Department of the Air Force (DAF)'s Environmental Impact Analysis Process (EIAP),

• DOD/DOA – Interim Final Rule - Environmental Analysis of Army Actions,

• DOD/NAVY – Interim Final Rule - Policies and Responsibilities for Implementation of the National Environmental Policy Act Within the Department of the Navy,

• USDA/AgSec – Interim Final Rule - USDA NEPA Amending Regulations


I do not plan on covering any of these rulemaking actions in any detail. I do intend to mention their publication in the Federal Register in the appropriate Short Takes post.

Thursday, June 26, 2025

Short Takes – 6-26-25

NASA’s acting leadership planning new agency structure. SpaceNews.com article. Pull quote: “Officials also said they were not planning any layoffs at this time. The agency is conducting a second round of a deferred retirement program after 900 employees took part in the first round earlier this year. Casey Swails, NASA deputy associate administrator, said 1,500 employees have signed up for this second round ahead of a July 25 deadline.”

Chinese scientists push for cubesat swarm mission to fly by infamous asteroid Apophis. SpaceNews.com article. Pull quote: “The mission would seek to measure the asteroid’s mass, surface morphology, spin state and internal structure. It proposes using cubesats with similar or diverse payloads, and use multi-spectral imaging, conduct stereo surface mapping, and employ microwave ranging for high-precision gravitational field assessment.”

Despite Iran’s weaknesses U.S. must watch for radicalization at home, former CENTCOM chief warns. ThreatBeat.com article. Pull quote: ““I think self-radicalization is probably more of a threat … than a highly organized Iranian attack in the United States or through one of their proxies,” he said. “But you can’t rule it out.””

‘Suspended animation’: US government upheaval has frayed partnerships with critical infrastructure. CyberSecurityDive.com article. Long form article. Pull quote: ““If there is a major sector incident, I worry about the response capability of the government,” Weiss [Health-ISAC] said. With the current level of support from the government, one water industry representative said, a widespread intrusion into water systems “could be disastrous.” Asked about the government’s ability to help contain a major hack in the natural gas sector, the second energy industry representative said, “I no longer know.””

Pentagon to consider SpaceX alternative for Space Force satellite program. SpaceNews.com article. Pull quote: ““No competition, no open architecture, no leveraging a dynamic space ecosystem. This is a massive and important contract,” [Sen (D,DE)] Coons said. “Doesn’t handing this to SpaceX make us dependent on their proprietary technology and avoid the very positive benefits of competition and open architecture?””

Axiom-4 astronauts on SpaceX Crew Dragon welcomed aboard International Space Station. Space.com article. Pull quote: “"With your arrival right now, there are 11 astronauts from six countries, and all of us are here in order to advance human space exploration and scientific research, symbolizing international cooperation. So from this moment, you are also a part of Expedition 73," said Exp. 73 commander JAXA astronaut Takuya Onishi during opening remarks. "Welcome aboard," he added, before handing off the microphone to his new crewmates as they received their astronaut wings.”

Review – 2 Advisories Published – 6-26-25

Today CISA’s NCCIC-ICS published two control system security advisories for products from TrendMakers and Mitsubishi.

Advisories

TrendMakers Advisory - This advisory describes two vulnerabilities in the TrendMakers Sight Bulb Pro camera.

Mitsubishi Advisory - This advisory describes a missing authentication for critical function vulnerability in Mitsubishi air conditioning systems.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-6-26-25 - subscription required.

Review - Bills Introduced – 6-25-25

Yesterday, with both the House and Senate in session, there were 59 bills introduced. Two of those bills may receive additional coverage in this blog:

HR 4121 Agriculture, Rural Development, Food and Drug Administration, and Related Agencies Appropriations Act, 2026. Harris, Andy [Rep.-R-MD-1] 

S 2169 A bill to require the development of a comprehensive rural hospital cybersecurity workforce development strategy, and for other purposes. Hawley, Josh [Sen.-R-MO]

 

For more information on these bills, including legislative history for similar bills in the 118th, as well as a mention in passing about three federal government improvement bills, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-6-25-25 - subscription required.

Wednesday, June 25, 2025

Short Takes – 6-25-25 – Space Geek Edition

Fourth Axiom Space private astronaut mission launched to ISS. SpaceNews.com article. Pull quote: ““Grace is more than a name. It reflects the elegance with which we move through space against the backdrop of Earth,” she said. “Grace reminds us that spaceflight is not just a feat of engineering but an act of goodwill for the benefit of every human everywhere.”

Maxar launches intelligence service focused on ‘persistent monitoring’. SpaceNews.com article. Pull quote: “The Luno program marks a change in how intelligence agencies work with the private sector. Rather than simply purchasing imagery, NGA is now asking companies to provide analytical reports about activities in specific locations over set time periods, leaving vendors to determine the best methods for collecting and analyzing the necessary data.”

Axiom Space Partners with India-based Skyroot Aerospace to Advance Space Exploration. AxiomSpace.com article. Pull quote: “Skyroot Aerospace is India’s leading private space launch service provider and the first private company to launch a rocket to space in South Asia. As the first private space-tech company to partner with the Indian Space Research Organisation (ISRO), Skyroot is on a mission to make access to space affordable, reliable, and on demand. In 2022, Skyroot successfully launched Vikram-S, and the team is now preparing to launch the Vikram-1 rocket, its maiden orbital-class launch vehicle.”

Satellite imagery firms escalate warnings over budget cuts. SpaceNews.com article. Pull quote: “Chad Anderson, founder of investment firm Space Capital, said the remote sensing industry is in a pivotal transition. While non-governmental use cases in sectors like agriculture, commodities, and infrastructure are growing, government remains the dominant buyer and the anchor customer that underwrites scale.”

HR 3944 Passed in House – FY 2026 MilCon Spending

This afternoon, after a little more than two hours of debate and processing amendments, the House passed HR 3944, the Military Construction, Veterans Affairs, and Related Agencies Appropriations Act, 2026, by a vote of 218 to 206. Two Democrats {Rep Golden (D,ME) and Rep Perez (D,WA)} voted Aye; no Republican voted Nay.

This is the first of potentially twelve spending bills that should be passed in both the House and Senate before September 30th, 2025. The near party-line vote would seem to indicate that the bill would not be able to pass in the Senate where 60 votes are needed for passage. But the Senate almost never votes on the House version of a spending bill. Senate language (not yet crafted by the Senate Appropriations Committee) is typically offered as substitute language and amendments are then made to the revised version. A conference committee is then supposed to work out the differences between the two bills with subsequent votes in the House and Senate to pass the conference version of the bill.

Except, that has not happened in years. The House will probably pass six to ten of the 12 spending bills. The Republicans will not be able to put together a working majority to pass the remainder of the bills. It is still an open question if the Senate will take up any of the spending bills. Come the last week in September, if recent history is any guide, the House will offer up a continuing resolution to continue funding the government at something close to the FY 2025 spending amounts. At the end of the calendar year (or maybe even later than that) an agreement of some sort of compromise omnibus spending bill will be reached, and the process will start all over again for the FY 2027 spending bill.

But this year we have the Republicans in nominal control of both the House and Senate, as well as the White House, so there is a chance that we will see something different happen. I do not think so, but you never can tell.

CISA Adds FortiOS Vulnerability to KEV Catalog – 6-25-25

Today CISA announced that it had added a use of hard-coded credentials vulnerability in the FortiGuard FortiOS product to their Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was previously reported by FortiGuard on June 30th, 2020, and the advisory was most recently updated on February 22nd, 2024. New versions are available that mitigate the vulnerabilities (two others are also listed in this advisory). On December 8th, 2023 SaladAndOnionRings published an exploit that allows decryption of FortiGuard passwords based upon this vulnerability.

CISA is requiring federal agencies using affected FortiGuard products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of July 16th, 2025 has been set to meet this requirement.

Review – HR 3278 Introduced – Protecting Critical Infrastructure Act

Last month Rep Fallon (R,TX) introduced HR 3278, the Protecting Critical Infrastructure Act. The bill would amend 18 USC 1030 to provide enhanced penalties for offenses involving critical infrastructure. It would also require the President to impose sanctions on foreign persons who knowingly access or attempt to access critical infrastructure. No new funding is provided in the bill.

Moving Forward

Neither Fallon nor his three cosponsors are members of the House Judiciary Committee, to which this bill was assigned for primary consideration. The three cosponsors are all members of the House Foreign Affairs Committee, to which the bill was assigned for secondary consideration. This means that there will probably not be sufficient influence to see the bill considered in Judiciary, but there may be sufficient influence to see it considered in the Foreign Affairs Committee.

As written, I do not think that the bill would have sufficient support in the Judiciary Committee to be approved if it were considered. The bill would need substantial revision of the §1030 amendment, including qualifying and limiting language like that found in the existing paragraphs of §1030(c). I would expect that there would be some opposition from Democrats based upon the history of the early application of §1030, so there would probably not be sufficient bipartisan support to see the bill considered in the full House under the suspension of the rules process.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-3278-introduced-protecting-critical - subscription required. 

CSB Announces Official Investigation of 2 Nitrogen Oxide Releases

Yesterday the Chemical Safety Board (CSB) announced that it had “launched a formal investigation into two incidents involving toxic nitric acid at facilities owned by the Austin Powder Company”. A team had been sent to conduct a preliminary investigation of the June 11th, 2025 nitrogen oxide release from a nitric acid storage tank at the McArthur, OH facility. This brings the number of open CSB investigations back up to six (though the ‘Current Investigations’ web page has not yet been updated to reflect this added investigation).

Tuesday, June 24, 2025

Short Takes – 6-24-25

Netanyahu decided on Iran war last year, then sought to recruit Trump. WashingtonPost.com article. Pull quote: “Ultimately, when Netanyahu finally launched his surprise attack on Iran in the early hours of June 13 while Trump’s negotiations were still underway, the decision was not so much driven by new intelligence indicating an Iranian sprint for a nuclear weapon or any imminent threat to Israel. Rather, Israel seized on what it saw as a unique opportunity to execute plans, carefully laid months and years in advance, to heavily damage a weakened Iran that had long waged a bloody proxy conflict with Israel and to set back Iranian nuclear and missile programs, Israeli and U.S. officials and advisers to both governments say.”

Threat of a cyberattack from Iran alarms security experts. WashingtonTimes.com article. Pull quote: ““CyberAv3ngers, which is associated with the online persona Mr. Soul, has launched a series of malicious cyber activities against U.S. critical infrastructure on behalf of Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC),” the message said. “CyberAv3ngers actors have utilized malware known as IOCONTROL to target ICS/SCADA devices used by critical infrastructure sectors in the United States and worldwide.””

Iranian cyber threats overhyped, but CISOs can’t afford to let down their guard. CSOOnline.com article. Pull quote: “Still, the cease-fire notwithstanding, in the future, shadowy and ever-morphing Iran-aligned hacktivist groups and Iranian government actors might be able to create operational headaches and reputational damage, and CISOs would do well to prepare their organizations for these possible outcomes.”

Trump tries to maintain fragile ceasefire hours after he announced it. Politico.com article. Pull quote: “Netanyahu’s office said in a release that Israel had “refrained from additional attacks” after the prime minister’s conversation with Trump. According to the statement, Israel “forcefully attacked in the heart of Tehran” four hours before the ceasefire was set to start. Israel also alleged that Iran “launched a barrage of missiles” shortly before the ceasefire began, and continued to do so after the agreement was set to go into effect, prompting Israel to destroy a radar installation close to Tehran.”

U.S. initial damage report: Iran nuclear program set back by months, not obliterated. WashingtonPost.com article. Pull quote: “U.S. intelligence reports also indicate that Iran moved multiple batches of its highly enriched uranium out of the nuclear sites before the strikes occurred and that the uranium stockpiles were unaffected, said the person, who spoke on the condition of anonymity to discuss sensitive intelligence matters.”

NATO Aims to Boost Defenses Against Drones, Hacking and Sabotage. WSJ.com article (free). Pull quote: “Western military planners haven’t faced serious threats to logistics since World War II. Russia’s invasion of Ukraine and the risk of further conflict changes that. Now logisticians, who focus on mobilizing troops and sustaining battles, must refine their plans with an eye to homeland security and the risk that adversaries will do everything possible to stop defending forces from leaving bases and engaging in combat. Israeli special forces operating inside Iran targeted its mobile air-defense vehicles and other equipment at the start of Israel’s attack on June 13.”

Cambodia announces 7th H5N1 avian flu case of the year. CIDRAP.UMN.edu article. Exposure to sick poultry reported. Pull quote: “Some of Cambodia's recent cases have been linked to a novel reassortment between an older 2.3.2.1c clade known to circulate in Southeast Asia's poultry and genes from the newer 2.3.4.4b clade spreading globally. So far, it's not known what clade infected the latest two patients.”

Review – HR 2980 Introduced – Energy Cybersecurity Research

Back in April Rep Ross (D,NC) introduced HR 2980, the Energy Cybersecurity University Leadership Act of 2025. After finding that integrating “cybersecurity considerations into the research, design, and development of energy infrastructure represents a cost-effective approach to enhancing the security, resilience, and reliability”, this bill would require DOE to establish an “Energy Cybersecurity University Leadership Program”. No money is authorized by this bill for the program.

HR 2980 is essentially the same as HR 302 which was introduced by Ross in January of 2023. The bill was considered by the full House on February 6th, 2023, under the suspension of the rules process. HR 302 passed by a vote of 357 to 56. No action was taken on that bill in the Senate.

Moving Forward

The House is scheduled to consider HR 2980 on Monday under the suspension of the rules process. That process provides for limited debate, allows for no floor amendments, and requires a super-majority for passage. Scheduling a bill for consideration under this procedure indicates that the leadership expects the bill to receive substantial bipartisan support.

Commentary

In two separate Congresses this bill has passed in the House, only to die in the Senate without consideration. Part of this is procedural. The House has the ‘suspension of the rules’ process that allows bills to pass after abbreviated (40 minutes of debate) consideration with a 2/3rds ‘super majority’. While the Senate only requires a 3/5ths majority to end debate (passage itself is by simple majority), that comes only after a lengthy (typically multiple days) debate process requiring as many as three procedural votes before the final vote on the bill. This means that only politically important bills generally get considered in the Senate. Minor bills may pass under the unanimous consent process, but a single voice ‘objecting’ to the bill stops that process. There is no requirement that the objection have anything to do with the bill being considered; frequently it is a political ploy looking to trade removal of the objection for consideration of something else entirely.


For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-2980-introduced-energy-cybersecurity - subscription required.

Short Takes – 6-24-25 – Space Geek Edition

Isaacman interested in privately funded science missions. SpaceNews.com article. Pull quote: “That was something he said he might be interested in pursuing outside the agency. “I wouldn’t mind maybe trying to put that to a test and see if you could fund an interesting robotic mission, just to show that it can be done, and try and get some of the top tier academic institutions who want to perform. So that’s on my mind.””

The Exploration Company claims partial success of Mission Possible reentry spacecraft. SpaceNews.com article. Lost contact just before ocean landing. Pull quote: ““We have been pushing boundaries in record time and cost, but this partial success reflects both ambition and the inherent risks of innovation,” the company stated. “Leveraging the technical milestones achieved yesterday and the lessons we will extract from our ongoing investigation, we will then prepare to re-fly as soon as possible.””

Varda to launch its first in-house built spacecraft for on-orbit manufacturing. SpaceNews.com article. Mission launched yesterday on SpaceX Transporter 14. Pull quote: “The company expects growing demand from pharmaceutical firms and defense agencies, as well as organizations that would otherwise rely on the International Space Station to conduct experiments, he said. With the station set to retire as early as 2030 and uncertainty around commercial replacements, Varda is positioning its autonomous platform as a more accessible alternative for microgravity research.”

Laser rangefinder problems blamed for second ispace lunar lander crash. SpaceNews.com article. Pull quote: “Those changes will have no impact on the schedule for the next two missions: Mission 3, featuring a lander built by ispace U.S. for Draper flying a NASA mission, and Mission 4, a Japanese-built lander. Both remain scheduled for launch in 2027. Ispace expects to incur about 1.5 billion yen ($10.3 million) in additional costs for those missions from measures like obtaining a better laser rangefinder and improved testing.”

Two spacecraft created their first images of an artificial solar eclipse. ScienceNews.org article. Pull quote: “The sun’s light is completely blocked by the moon somewhere on Earth just once every 18 months, with an event lasting for a few minutes at most. The spacecraft duo, however, will replicate the phenomenon on demand. Every 20 hours, it can create an eclipse that may last up to six hours.”

Review – 7 Advisories and 1 Update Published – 6-24-25

Today CISA’s NCCIC-ICS published seven control system security advisories for products from MICROSENS, Parsons, ControlID, Schneider (2), Delta Electronics, and Kaleris. They also updated an advisory for products from Mitsubishi.

Advisories

MICROSENS Advisory - This advisory discusses three vulnerabilities in the MICROSENS NMP Web+ product.

Parsons Advisory - This advisory describes a cross-site scripting vulnerability in the AccuWeather and Custom RSS widget in multiple products from Parsons.

ControlID Advisory - This advisory describes three vulnerabilities in the ControlID iDSecure On-premises product.

Schneider Advisory #1 - This advisory describes four vulnerabilities in the Schneider EVLink WallBox.

Schneider Advisory #2 - This advisory describes six vulnerabilities in the Schneider Modicon Controllers.

Delta Advisory - This advisory describes four out-of-bounds write vulnerabilities in the Delta CNCSoft human-machine interface.

Kaleris Advisory - This advisory describes two vulnerabilities in the Kaleris Navis N4 terminal operating system.

Updates

Mitsubishi Update - This update provides additional information on the MELSEC-Q Series PLCs advisory that was originally published on January 29th, 2019, and most recently updated on October 5th, 2023.


For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-410 - subscription required.

Short Takes – 6-24-25 – Federal Register Edition

Extension of Postponement of Effectiveness for Certain Provisions of Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA). Federal Register EPA notice of extension of postponement of effectiveness. Summary: “The Environmental Protection Agency (EPA or Agency) is extending the postponement of the effective date of certain regulatory provisions of the final rule entitled “Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA)” for an additional 60 days. Specifically, this postponement applies to the conditions imposed on the uses with TSCA exemptions.”

1,1-Dichloroethane; Risk Evaluation Under the Toxic Substances Control Act (TSCA); Notice of Availability. Federal Register EPA notice of availability. Summary: “The Environmental Protection Agency (EPA or Agency) is announcing the availability of the final risk evaluation under the Toxic Substances Control Act (TSCA) for 1,1-dichloroethane (CASRN 75-34-3). The purpose of risk evaluations under TSCA is to determine whether a chemical substance presents an unreasonable risk of injury to health or the environment under the conditions of use, including unreasonable risk to potentially exposed or susceptible subpopulations identified as relevant to the risk evaluation by EPA, and without consideration of costs or non-risk factors. EPA used the best available science to prepare this final risk evaluation and determined, based on the weight of scientific evidence, that 1,1-dichloroethane presents unreasonable risk to human health driven by three conditions of use because of risks to workers.”

Hazardous Materials: Liquefied Natural Gas by Rail. Federal Register PHMSA direct final rule. Summary: “PHMSA, in coordination with the Federal Railroad Administration, is amending the Hazardous Materials Regulations in response to the recent decision of the United States Court of Appeals for the District of Columbia Circuit in Sierra Club, et al. v. DOT, et al., No. 20-1317 (Jan. 17, 2025).”

“On January 17, 2025, the D.C. Circuit issued a decision on the merits of the consolidated petitions. The D.C. Circuit held that PHMSA violated NEPA by failing to prepare an environmental impact statement during the rulemaking process. Accordingly, the D.C. Circuit vacated the LNG by Rail Rule in its entirety and remanded the matter to PHMSA for further proceedings.”

Agency Advisory Circular: Informed Consent Requirements for Crew and Space Flight Participants. Federal Register notice and request for comments. Summary: “FAA invites public comments about our intention to publish advisory material for Title 14 Code of Federal Regulation (CFR) Part 450. This Draft Advisory Circular (AC) provides guidance on meeting informed consent requirements for crew and space flight participants in accordance with Title 14 of the Code of Federal Regulations (CFR) § 460.9, Informing crew of risk, and § 460.45, Operator informing space flight participant of risk. An operator must inform, in writing, each space flight participant and any individual serving as crew, that the United States Government has not certified the launch vehicle and/or any reentry vehicle as safe for carrying flight crew or space flight participants in accordance with §§ 460.9 and 460.45.”

Process Safety Management of Highly Hazardous Chemicals Standard; Extension of the Office of Management and Budget's (OMB) Approval of Information Collection (Paperwork) Requirements. Federal Register OSHA 60-day information collection request revision. Summary: “OSHA is requesting that OMB extend the approval of the information collection requirements contained in Process Safety Management of Highly Hazardous Chemicals Standard. The agency is requesting an adjustment decrease in burden going from 2,325,294 hours to 2,269,066 hours, a difference of 56,228 hours. The decrease is due to a reduction in the number of establishments in the RMP database as of March 2025 going from 11,641 to 11,329 establishments.”

EO 14310: Further Extending the TikTok Enforcement Delay. Federal Register.

CSB Publishes New Safety Video – 6-23-25

Yesterday the Chemical Safety Board (CSB) announced the release of a new safety video, “Safety Pays Off: The Value of Vigilance”, describing the importance of the work being done by the Board. Using clips of dramatizations from previous CSB safety videos, this new video highlights the high cost of chemical accidents and notes that the potential money saved from avoiding just one such incident by following CSB safety recommendations far outweighs the meager budget of the agency. The CSB joins the budget war. 

CSB 2026 Budget Request Page Not Working

This morning the CSB’s ‘2026 Budget Request’ page, which I previously reported about on June 2nd, 2025, is not working. While this may be nothing more than a relatively ‘normal’ internet glitch, it is interesting that it comes just two days before the next scheduled public meeting of the Chemical Safety Board. The mysterious ‘cj’ in the middle of the page’s URL (https://www.csb.gov/assets/1/6/csb_cj_2026.pdf) always seemed to me to be an indication of DOGE involvement in that page. I will continue to watch this page for further developments.

UPDATE 7:30 6-24-25 – The page is back up. Stay tuned.


Monday, June 23, 2025

Short Takes – 6-23-25 – War with Iran – Late Issue

Russian leader claims multiple countries prepped to provide Iran nuclear weapons following US strikes. FoxNews.com article. Pull quote: “Medvedev did not list specific countries that might pitch in and support Iran. However, Russia historically has backed Iran's nuclear program. Russian President Vladimir Putin also offered to mediate peace talks between Iran and Israel on Wednesday.”

Trump rages at Russia’s Medvedev for using ‘N-word’ in threat to supply Iran with nukes: ‘That’s why Putin’s The Boss’. NewsBreak.com article. Pull quote: “The U.S. leader’s comments appeared to have rattled Medvedev, who responded with a statement posted to X later on Monday in which he said Moscow “has no intention of supplying nuclear weapons to Iran” because of Russia’s obligations under the Nuclear Non-Proliferation Treaty.”

Trump warns his OWN team live on Fox News after they fact-checked his Iranian nuclear claims. NewsBreak.com article. Pull quote: “Upon learning that Tulsi Gabbard, his Director of National Intelligence, had made this assertion, Trump's reaction intensified as he declared, "She's wrong. We're going to see and people have to be very careful with what they say. They've got to be very careful with their mouth, because their mouth can get them into a lot of trouble."”

Trump’s cease-fire announcement caught his own top officials by surprise. NYTimes.com article. Pull quote: “The announcement, made minutes after 6 p.m. Eastern time, caught even some of Mr. Trump’s own top administration officials by surprise. Israel has not yet confirmed the cease-fire, and within three hours of Mr. Trump’s announcement, there were fresh attacks from Israel against Iran, raising questions about whether all parties had agreed to it.”

Short Takes – 6-23-25 – War with Iran Issue

Will Iran Surrender? SAMF.substack.com blog post. Pull quote: “If Trump had looked more carefully at what the Europeans were saying he would have appreciated that they were also urging the Iranians to talk to the Americans, and on a much broader agenda than before. Not only will they need to make major concessions on its nuclear programme, of the sort they were unprepared to make at the start of the month, but they will also need to restrict their missile programme and activist role in the region. These concessions will only happen, if at all, when the Iranians are not only convinced privately that they are losing but that they are prepared to acknowledge it publicly. This moment may not come as long as they can keep firing missiles into Israeli cities.”

Here’s how Iran could retaliate after US strikes on its nuclear program. APNews.com article. Pull quote: “The U.S. has tens of thousands of troops stationed in the region, including at permanent bases in Kuwait, Bahrain, Qatar and the United Arab Emirates, Arab Gulf countries just across the Persian Gulf from Iran — and much closer than Israel.

“Those bases boast the same kinds of sophisticated air defenses as Israel, but would have much less warning time before waves of missiles or swarms of armed drones. And even Israel, which is several hundred kilometers (miles) further away, has been unable to stop all of the incoming fire.”

GOP leaders face internal pushback, doubts on ‘big beautiful bill’ vote. TheHill.com article. Pull quote: ““I think it’s highly unlikely at this point that we vote on this thing by July 4. I think there is too much work to do. Too many people have to many ideas to come to the finish line to this process. I don’t see a way to hold a vote that gets 51 before the Fourth of July,” a Senate GOP aide told The Hill.”

Satellite images show strikes’ impact on Iran nuclear sites. TheHill.com article. Pull quote: “On Sunday, he reiterated the point on Truth Social, saying, “Monumental Damage was done to all Nuclear sites in Iran, as shown by satellite images. Obliteration is an accurate term! The white structure shown is deeply imbedded into the rock, with even its roof well below ground level, and completely shielded from flame. The biggest damage took place far below ground level. Bullseye!!!””

Iran reportedly moves to close Strait of Hormuz after US attacks. TheHill.com article. No actual action to close the strait reported, just threats at this point. Pull quote: “Secretary of State Marco Rubio told Fox News on Sunday morning that China should ask Iran to keep the shipping lane open because of Asia’s need for oil delivered through the strait. He warned Iran against the action.”

‘There Is No Intel’: Trump’s Attacks on Iran Were Based on Vibes, Sources Say. RollingStone.com article (a noted intelligence source - sigh). Pull quote: “Sen. Chris Murphy (D-Conn.), who sits on the Foreign Relations Committee, confirmed Saturday night that American intelligence assessments on Iran have not changed. “I was briefed on the intelligence last week. Iran posed no imminent threat of attack to the United States,” he wrote on social media. “Iran was not close to building a deliverable nuclear weapon.””

Review – Committee Hearings – Week of 6-22-25

With both the House and Senate in session this week (and out of town next week for the 4th of July holiday) there is a moderately busy hearing schedule. Budget hearings are still being held in both bodies, but the House continues to work on spending bills. We have one cybersecurity related hearing in the House this week, and a Space Geek bill being marked up in the Senate.

Spending Bill Markups

The House continues to work on crafting and perhaps passing spending bills this week. The table below shows the markup schedule for the House Appropriations Committee. Once the final committee markup is complete, we can expect to see the reported version of the bill introduced in the House in the next day or two.


Space Geek

On Wednesday the Senate Commerce, Science and Transportation Committee will hold a business meeting to look at two nominations and five bills. One of those bills is being mentioned here under my Space Geek coverage:

S 434, Space Commerce Advisory Committee Act


For more information on these hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-6-22-25 - subscription required.

Sunday, June 22, 2025

DHS Publishes Iran-related NTAS Bulletin – 6-22-25

Today, DHS published the first new National Terrorism Advisory System (NTAS) bulletin since the last one expired on November 24th, 2023. Today’s bulletin (which expires on September 22nd, 2025) addresses the potential threats that have arisen as a result of the U.S. attack on Iran yesterday.

The Summary reports that:

“The ongoing Iran conflict is causing a heightened threat environment in the United States. Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks. Iran also has a long-standing commitment to target US Government officials it views as responsible for the death of an Iranian military commander killed in January 2020. The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland. Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.”

As with other NTAS Bulletins, the government does not appear to have any actionable intelligence about specific threats or planned attacks. The bulletin does provide generic information about the potential for a variety of threats.

You can sign up to receive new alerts or bulletins here.


Review – HR 4016 Introduced – FY 2026 DOD Spending

Last week Rep Calvert (R,CA) introduced HR 4016, the Department of Defense Appropriations Act, 2026. The House Appropriations Committee published their Report on the bill. In addition to setting spending for DOD, the bill includes two minor cyber related mentions as well as a brief chemical weapons destruction entry. There are three cybersecurity discussions in the Report. The bill passed in Committee on a party-line vote.

Moving Forward

In recent years spending bills have been a pro forma statement of policy by the ruling party, as continuing resolutions and year-end deals have become the funding mechanisms du jour. The problem has been exacerbated since the Republicans came back into control of the House, in that they have had problems even passing bills in the House because of intraparty conflicts.

This year may be different, at least for this bill. With the attacks on Iran last night, we might see a stronger push to support the Pentagon in its ongoing war role. This bill passed in Committee on a party-line vote, and I would expect it to receive similar support on the floor of the House. The Senate has not yet started crafting spending bills, so it is too early to tell how far apart the two houses of Congress are. In any case the 60-vote Senate is unlikely to pass this bill as it stands, but there is still plenty of time between now and September 30th to work out reasonable differences. The unreasonable differences could still remain a problem.


For more details about the cybersecurity and chemical safety issues see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4016-introduced-fy-2026-dod-spending - subscription required.

War With Iran – The Response

With the U.S. attack last night on the nuclear facilities in Iran, we (both as a country and as individuals) need to start thinking about what sort of response to expect from Iran. Anyone that thinks that Iran is going to do nothing in response to a physical attack upon their soil by the “Great Satan” is guilty of wishful thinking at its worst.

Pundits today are certainly going to discuss the threat to US personnel (military and otherwise) stationed in, or operating within, the Gulf States, Diego Garcia, or Israel, and that cannot be ignored. While my prayers and support go out to those personnel, that is beyond the scope of this blog. My concerns are more focused on the potential for Iranian attacks on facilities here in the United States. We probably do not have to worry about direct military attacks by the Republican Guards forces (though I must admit that drone attacks like those seen being conducted by Ukraine against Russia remain a distinct possibility given Iranian drone technology), but terror attacks and cyber attacks are a significant concern.

Terror attacks by their very nature are hard to predict. Would Iran launch direct attacks on the people of the United States in a true terror campaign? The weapons available to them are many (including those drones that I mentioned above) and it would be difficult to defend against such attacks by a nation state. Or would they specifically target military and critical infrastructure targets? If it is the latter type of target, then we will have to be concerned about cyberattacks as part of that terror campaign.

Unfortunately, attacks against chemical facilities would fit into both of these scenarios. Facilities that hold significant quantities of what the now defunct CFATS program called ‘release threat’ chemicals (toxic, flammable, and explosive chemicals) could be attacked to cause great physical harm to surrounding population centers, as well as having a potential outsized impact on the national economy. More sophisticated attacks on chemical facilities could be designed with less direct impact on civilians and a more targeted attack on military capabilities or the economy. And, of course, a pure terror campaign could first target chemical facilities that house explosive or chemical weapon precursors for theft of those chemicals to empower WMD attacks on the population.

While the CFATS program was never designed to protect against nation state level attacks on chemical facilities, it did make those facilities harder to attack. More importantly it provided a cadre of federal assistance to those facilities and a way to funnel more resources to the most dangerous targets. Unfortunately, those resources are no longer available, and those defenses are almost certainly weakened by the loss of that program. While it would not be easy to stand that program back up, Congress certainly needs to look at emergency measures to do so, before Iran decides to use our chemical facilities as a weapon against us.

Saturday, June 21, 2025

Short Takes – 6-21-25 – War with Iran

U.S. Enters the War with Iran - Here are the latest developments. NYTimes.com article. Pull quote: “Iran, which has refrained so far from direct attacks on U.S. troops and interests in the Middle East, has warned that American entry into war would bring retaliation, raising fears around the region about the danger of a widening war. But what form that response would take is unclear. Analysts have also speculated that Iran could react by attacking U.S. troops in the region, or by accelerating its nuclear program — assuming the program survives U.S. bombing.”

What we know about the three Iranian nuclear sites struck by the US. CNN.com article. Pull quote: “The main halls [at Fordow] are an estimated 80 to 90 meters (around 262 to 295 feet) beneath the ground, making it very difficult to destroy the facility from air. The US is the only country with the kind of bomb required to strike that deep, Israeli officials and independent reports have previously said. However analysts have warned even those bombs might not be enough.”

Trump says Iran’s key nuclear sites were ‘completely and fully obliterated’ by U.S. strikes. APNews.com article. Pull quote: “The White House and Pentagon did not immediately elaborate on the operation. But Fox News host Sean Hannity said shortly after 9 p.m. Eastern that he had spoken with Trump and that six bunker buster bombs were used on the Fordo facility. Hannity said 30 Tomahawk missiles fired by U.S. submarines 400 miles away struck the Iranian nuclear sites of Natanz and Isfahan.”

Congressional leaders react to Trump ordering strike attack on Iran. ABCNews.com article. Pull quote: “Pennsylvania Democratic Sen. John Fetterman said on X, "As I’ve long maintained, this was the correct move by @POTUS. Iran is the world’s leading sponsor of terrorism and cannot have nuclear capabilities. I’m grateful for and salute the finest military in the world. 🇺🇸"”

Trump declares 'very successful attack' on Iran's nuclear program as US forces strike 3 key sites. FoxNews.com article. Pull quote: “A senior White House official told Fox News the U.S. gave Israel a heads-up before the strikes, and President Trump spoke with Israeli Prime Minister Benjamin Netanyahu following the attacks.”

U.S. warplanes carry out ‘successful’ strikes on three nuclear sites in Iran, Trump says. WashingtonPost.com article. Pull quote: ““Tonight’s [strike] was the most difficult of them all by far, and perhaps the most lethal,” Trump said. “But if peace does not come quickly, we will go after those other targets with precision, speed and skill. Most of them can be taken out in a matter of minutes.””

Chemical Incident Reporting – Week of 6-14-25

NOTE: See here for series background.

Texas City, TX – 6-14-25

Local News Report: Here, here, here, and here.

There was a fire at a refinery in Texas. There was a shelter-in-place order for local residents. No injuries have been reported and there is no discussion about the amount of damages at the facility.

Not CSB reportable.

GA/SC Border – 6-14-25

Local News Report: Here, here, and here.

There was a fuel truck crash under I-20 near the Georgia/South Carolina border. The resulting fire severely damaged the overpass, which will have to be replaced. No injuries were reported.

Not CSB reportable; this is a transportation related incident.

Review – CSB Updated Status of 5 Investigation Recommendations – 6-18-25

Yesterday the Chemical Safety Board (CSB) updated their Recent Recommendation Status Updates page, closing five recommendations with acceptable alternative actions. These actions left 133 of 1019 recommendations open. The CSB took these actions on June 18th, 2025.

The five recommendations recently addressed are:

Macondo Blowout and Explosion - 2010-10-I-OS-3 - American Petroleum Institute (API),

Macondo Blowout and Explosion - 2010-10-I-OS-1 - Bureau of Safety and Environmental Enforcement (BSEE),

Macondo Blowout and Explosion - 2010-10-I-OS-2 - BSEE,

Macondo Blowout and Explosion - 2010-10-I-OS-11 - Department of the Interior (DOI), and

Macondo Blowout and Explosion - 2010-10-I-OS-12 - DOI.

Commentary

In several instances, while noting that the actions taken “would not have prevented the Macondo incident”, the Board concluded that, “DOI-BSEE has done a tremendous amount of work toward addressing the intent of R11. DOI-BSEE implemented several initiatives following the Macondo incident, several of which address a majority of the objectives envisioned by the Board and provide an equivalent level of safety.”

This is an example of why it is so important to have these investigations being done by a non-regulatory body. They have more flexibility to judge the adequacy (or inadequacy) of actions without regard to the letter of the recommendations made or existing regulatory or statutory requirements. Instead, they can look at the reality of the situation to determine if an adequate (and honest) effort has been taken to improve the safety of chemical operations.


For more details about the actions taken and the CSB’s actions, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updated-status-of-5-investigation - subscription required.

Review – Public ICS Disclosures – Week of 6-14-25

This week we have five vendor disclosures from Delta Electronics, HP, Sick, VMware, and WAGO (2). We also have three vendor updates from Moxa and Siemens (2). There are seven researcher reports for vulnerabilities in products from Fuji Electric. Finally, we have six exploits for vulnerabilities in products from Advantech, FortiGuard, Palo Alto Networks, Parrot, SIMCom, and WAGO.

Advisories

Delta Advisory - Delta published an advisory that discusses a code injection vulnerability (listed in the CISA Known Exploited Vulnerabilities catalog) in their Delta Academy site (https://preprod-secai-academyflow.deltaww.com).

HP Advisory - HP published an advisory that discusses an out-of-bounds read vulnerability in their Notebook and Desktop PCs.

Sick Advisory - Sick published an advisory that describes 20 vulnerabilities in their Field Analytics and Media Server products.

VMware Advisory - Broadcom published a software release notice for their VMware Tanzu Greenplum 7.5.0 product that addresses 21 vulnerabilities.

WAGO Advisory #1 - CERT-VDE published an advisory that describes two vulnerabilities in the device manager component of multiple WAGO products.

WAGO Advisory #2 - CERT-VDE published an advisory that discusses 15 vulnerabilities in the WAGO Edge Controller product.

Updates

Moxa Update - Moxa published an update for their Multiple PT Switches advisory that was originally published on January 19th, 2025, and most recently updated on February 26th, 2025.

Siemens Update #1 - Siemens published an update for their Questa and ModelSim advisory that was originally published on October 8th, 2024.

Siemens Update #2 - Siemens published an update for their Elspec G5 Digital Fault Recorder advisory that was originally published on June 10th, 2025.

Researcher Reports

Fuji Reports - Zero Day Initiative published seven reports of vulnerabilities in the Fuji Smart Editor.

Exploits

Advantech Exploit - Jay Turla published an exploit for a command injection vulnerability in the Advantech WISE 4060LAN.

FortiGuard Exploit - Shahid Parvez Hakim published an exploit for an insufficient session expiration vulnerability in the FortiGuard FortiOS SSL-VPN.

Palo Alto Networks Exploit - Cody Sixteen published a Metasploit module for a denial of service vulnerability in the Palo Alto Networks PAN-OS product.

Parrot Exploit - Mohammed Idrees Banyamer published an exploit for a kernel panic vulnerability in the Parrot QRD, Parrot Alpha-M, DJI QRD, and DJI Alpha-M drone operating systems.

SIMCom Exploit - SEC Consult published an exploit for a hidden functionality vulnerability in the SIMCom SIM7600G Modem.

WAGO Exploit - Ibrahimsql published an exploit for an OS command injection vulnerability in unnamed WAGO products.


For more information on these disclosures, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-e18 - subscription required.

Friday, June 20, 2025

Short Takes – 6-20-25

Senate Parliamentarian Advises Several Provisions in Republicans’ “One Big, Beautiful Bill” Are Not Permissible, Subject to Byrd Rule. Budget.Senate.gov Ranking Member press release. Pull quote: ““Tonight, the Senate Parliamentarian advised that certain provisions in the Republicans’ One Big, Beautiful Betrayal will be subject to the Byrd Rule – ultimately meaning they will need to be stripped from the bill to ensure it complies with the rules of reconciliation. As much as Senate Republicans would prefer to throw out the rule book and advance their families lose and billionaires win agenda, there are rules that must be followed and Democrats are making sure those rules are enforced,” said Ranking Member Jeff Merkley. “We will continue examining every provision in this Great Betrayal of a bill and will scrutinize it to the furthest extent.””

How Rand Paul got sidelined by fellow Republicans. Politico.com article. Pull quote: “Paul has made clear repeatedly he isn’t planning to vote for the party-line tax and spending bill anyway, giving leadership few reasons to try and play nice. Yet the decision by senior Senate Republicans to undermine a committee chair in such a way marks a dramatic departure from standard Senate procedure. It also reflects the extent to which Paul has become an ideological island, despite him holding a committee gavel thanks to the chamber’s rules around seniority.”

NIH launching long-term health studies of East Palestine train crash. TheHill.com article. Trump Administration funded program. Pull quote: “The project aims to evaluate the impacts of exposure to chemicals of concern in East Palestine and its surrounding communities in the short and long term. The studies will also focus on public health tracking and surveillance of the community’s health conditions, the agency said.”

We may finally know how Tylenol works — and it's not how we thought. LiveScience.com article. Pull quote: “Previous research found that AM404 can act in the central nervous system — the brain and spinal cord. But the new study, published June 4 in the journal PNAS, reveals that AM404 also affects the peripheral nervous system, where pain signals originate.”

Unprecedented pentacoordinate oxygen cluster isn’t so new after all. ChemistryWorld.com article. Chem Geeky article. Pull quote: “Dreuw, who’s now at Heidelberg University in Germany, says he was surprised by the peculiarity of the Shanxi team’s structure: ‘But when you think about it, then it’s immediately clear that this should be stable.’ Advances in computational tools mean scientists can now efficiently search for minima across the full potential energy surface, something that was unrealistic back in 2006 [when a similar construct was apparently incorrectly characterized]. ‘Now you have programs where you can sample whole ensembles … and find structures that you had not expected, such as this one,’ Dreuw adds.”