CVE-2026-4436 (GCVE-0-2026-4436)

Vulnerability from cvelistv5 – Published: 2026-04-09 20:04 – Updated: 2026-04-09 20:04
VLAI?
Title
GPL Odorizers GPL750 Missing Authentication for Critical Function
Summary
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.
Severity ?
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
GPL Odorizers GPL750 (XL4) Affected: v1.0 , < v6.0 (custom)
Create a notification for this product.
Credits
An anonymous researcher reported this vulnerability to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GPL750 (XL4)",
          "vendor": "GPL Odorizers",
          "versions": [
            {
              "lessThan": "v6.0",
              "status": "affected",
              "version": "v1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GPL750 (XL4 Prime)",
          "vendor": "GPL Odorizers",
          "versions": [
            {
              "lessThan": "v6.0",
              "status": "affected",
              "version": "v4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GPL Odorizers GPL750 (XL7)",
          "vendor": "GPL Odorizers",
          "versions": [
            {
              "lessThan": "v20.0",
              "status": "affected",
              "version": "v13.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GPL Odorizers GPL750 (XL7 Prime)",
          "vendor": "GPL Odorizers",
          "versions": [
            {
              "lessThan": "v20.0",
              "status": "affected",
              "version": "v18.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "An anonymous researcher reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
            }
          ],
          "value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T20:04:26.208Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\u003cbr\u003e\u003ca href=\"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\" title=\"(opens in a new window)\"\u003ehttps://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\u003c/a\u003e"
            }
          ],
          "value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\n https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
            }
          ],
          "value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
            }
          ],
          "value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\u003cbr\u003e\u003ca href=\"https://hornerautomation.com/controller-firmware/\" title=\"(opens in a new window)\"\u003ehttps://hornerautomation.com/controller-firmware/\u003c/a\u003e"
            }
          ],
          "value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\n https://hornerautomation.com/controller-firmware/"
        }
      ],
      "source": {
        "advisory": "ICSA-26-099-02",
        "discovery": "EXTERNAL"
      },
      "title": "GPL Odorizers GPL750 Missing Authentication for Critical Function",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-4436",
    "datePublished": "2026-04-09T20:04:26.208Z",
    "dateReserved": "2026-03-19T19:21:21.967Z",
    "dateUpdated": "2026-04-09T20:04:26.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-4436\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2026-04-09T20:16:27.903\",\"lastModified\":\"2026-04-09T20:16:27.903\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A low-privileged remote attacker can send Modbus packets to manipulate \\nregister values that are inputs to the odorant injection logic such that\\n too much or too little odorant is injected into a gas line.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.