Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by GPL Odorizers
CVE-2026-4436 (GCVE-0-2026-4436)
Vulnerability from cvelistv5 – Published: 2026-04-09 20:04 – Updated: 2026-04-14 14:04
VLAI?
Title
GPL Odorizers GPL750 Missing Authentication for Critical Function
Summary
A low-privileged remote attacker can send Modbus packets to manipulate
register values that are inputs to the odorant injection logic such that
too much or too little odorant is injected into a gas line.
Severity ?
8.6 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| GPL Odorizers | GPL750 (XL4) |
Affected:
v1.0 , < v6.0
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T14:03:00.899159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T14:04:53.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPL750 (XL4)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v6.0",
"status": "affected",
"version": "v1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL750 (XL4 Prime)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v6.0",
"status": "affected",
"version": "v4.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL Odorizers GPL750 (XL7)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v20.0",
"status": "affected",
"version": "v13.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL Odorizers GPL750 (XL7 Prime)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v20.0",
"status": "affected",
"version": "v18.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous researcher reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
}
],
"value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T20:04:26.208Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\u003cbr\u003e\u003ca href=\"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\" title=\"(opens in a new window)\"\u003ehttps://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\u003c/a\u003e"
}
],
"value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\n https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
}
],
"value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
}
],
"value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\u003cbr\u003e\u003ca href=\"https://hornerautomation.com/controller-firmware/\" title=\"(opens in a new window)\"\u003ehttps://hornerautomation.com/controller-firmware/\u003c/a\u003e"
}
],
"value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\n https://hornerautomation.com/controller-firmware/"
}
],
"source": {
"advisory": "ICSA-26-099-02",
"discovery": "EXTERNAL"
},
"title": "GPL Odorizers GPL750 Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-4436",
"datePublished": "2026-04-09T20:04:26.208Z",
"dateReserved": "2026-03-19T19:21:21.967Z",
"dateUpdated": "2026-04-14T14:04:53.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}