CVE-2026-4436 (GCVE-0-2026-4436)
Vulnerability from cvelistv5
Published
2026-04-09 20:04
Modified
2026-04-14 14:04
CWE
Summary
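A low-privileged remote attacker can send Modbus packets to manipulate
register values that are inputs to the odorant injection logic such that
too much or too little odorant is injected into a gas line.
The record below classifies the weakness as CWE-306 (Missing Authentication
for Critical Function) and scores it CVSS 3.1 8.6 (HIGH) with Privileges
Required set to None (PR:N), so network reachability of the device's Modbus
service is the precondition to assess when prioritizing the vendor update.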
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| GPL Odorizers | GPL750 (XL4) | v1.0 < v6.0 |
| GPL Odorizers | GPL750 (XL4 Prime) | v4.0 < v6.0 |
| GPL Odorizers | GPL Odorizers GPL750 (XL7) | v13.0 < v20.0 |
| GPL Odorizers | GPL Odorizers GPL750 (XL7 Prime) | v18.4 < v20.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T14:03:00.899159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T14:04:53.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPL750 (XL4)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v6.0",
"status": "affected",
"version": "v1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL750 (XL4 Prime)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v6.0",
"status": "affected",
"version": "v4.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL Odorizers GPL750 (XL7)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v20.0",
"status": "affected",
"version": "v13.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL Odorizers GPL750 (XL7 Prime)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v20.0",
"status": "affected",
"version": "v18.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous researcher reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
}
],
"value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T20:04:26.208Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\u003cbr\u003e\u003ca href=\"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\" title=\"(opens in a new window)\"\u003ehttps://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\u003c/a\u003e"
}
],
"value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\n https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
}
],
"value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
}
],
"value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\u003cbr\u003e\u003ca href=\"https://hornerautomation.com/controller-firmware/\" title=\"(opens in a new window)\"\u003ehttps://hornerautomation.com/controller-firmware/\u003c/a\u003e"
}
],
"value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\n https://hornerautomation.com/controller-firmware/"
}
],
"source": {
"advisory": "ICSA-26-099-02",
"discovery": "EXTERNAL"
},
"title": "GPL Odorizers GPL750 Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-4436",
"datePublished": "2026-04-09T20:04:26.208Z",
"dateReserved": "2026-03-19T19:21:21.967Z",
"dateUpdated": "2026-04-14T14:04:53.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4436\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-14T14:03:00.899159Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T14:04:19.698Z\"}}], \"cna\": {\"title\": \"GPL Odorizers GPL750 Missing Authentication for Critical Function\", \"source\": {\"advisory\": \"ICSA-26-099-02\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"An anonymous researcher reported this vulnerability to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GPL Odorizers\", \"product\": \"GPL750 (XL4)\", \"versions\": [{\"status\": \"affected\", \"version\": \"v1.0\", \"lessThan\": \"v6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"GPL Odorizers\", \"product\": \"GPL750 (XL4 Prime)\", \"versions\": [{\"status\": \"affected\", \"version\": \"v4.0\", \"lessThan\": \"v6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"GPL Odorizers\", \"product\": \"GPL Odorizers GPL750 (XL7)\", \"versions\": [{\"status\": \"affected\", \"version\": \"v13.0\", \"lessThan\": \"v20.0\", \"versionType\": \"custom\"}], 
\"defaultStatus\": \"unaffected\"}, {\"vendor\": \"GPL Odorizers\", \"product\": \"GPL Odorizers GPL750 (XL7 Prime)\", \"versions\": [{\"status\": \"affected\", \"version\": \"v18.4\", \"lessThan\": \"v20.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"GPL Odorizers recommends users update to the latest software version of \\nthe GPL750 in connection with the latest firmware from Horner Automation\\n for the XL4, XL4 Prime, XL7, and XL7 Prime \\ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\\n https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"GPL Odorizers recommends users update to the latest software version of \\nthe GPL750 in connection with the latest firmware from Horner Automation\\n for the XL4, XL4 Prime, XL7, and XL7 Prime \\ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\u003cbr\u003e\u003ca href=\\\"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\\\" title=\\\"(opens in a new window)\\\"\u003ehttps://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\u003c/a\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"GPL Odorizers recommends users clear the old files from their microSD \\ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \\nhave a WebMI license. The compressed folder downloaded from the link \\nabove can then be extracted to the root directory of the microSD card. \\nThese files already include the corresponding firmware update. 
If users \\ndo not have IT permissions to access their microSD cards, GPL Odorizers \\ncan provide preconfigured SD cards that technicians can simply swap into\\n their odorizers prior to installation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"GPL Odorizers recommends users clear the old files from their microSD \\ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \\nhave a WebMI license. The compressed folder downloaded from the link \\nabove can then be extracted to the root directory of the microSD card. \\nThese files already include the corresponding firmware update. If users \\ndo not have IT permissions to access their microSD cards, GPL Odorizers \\ncan provide preconfigured SD cards that technicians can simply swap into\\n their odorizers prior to installation.\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"For assistance in updating GPL Odorizers to the latest version, users \\nshould reach out to GPL Odorizers directly via phone number (303) \\n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"For assistance in updating GPL Odorizers to the latest version, users \\nshould reach out to GPL Odorizers directly via phone number (303) \\n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST.\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Horner Automation offers firmware version 15.76 for their XL Series and \\nversion 17.30 for their XL Prime Series controllers. An installation guide\\n is available for both the XL series and the XL Prime series.\\n https://hornerautomation.com/controller-firmware/\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Horner Automation offers firmware version 15.76 for their XL Series and \\nversion 17.30 for their XL Prime Series controllers. 
An installation guide\\n is available for both the XL series and the XL Prime series.\u003cbr\u003e\u003ca href=\\\"https://hornerautomation.com/controller-firmware/\\\" title=\\\"(opens in a new window)\\\"\u003ehttps://hornerautomation.com/controller-firmware/\u003c/a\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02\"}, {\"url\": \"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A low-privileged remote attacker can send Modbus packets to manipulate \\nregister values that are inputs to the odorant injection logic such that\\n too much or too little odorant is injected into a gas line.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A low-privileged remote attacker can send Modbus packets to manipulate \\nregister values that are inputs to the odorant injection logic such that\\n too much or too little odorant is injected into a gas line.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2026-04-09T20:04:26.208Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-4436\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-14T14:04:53.417Z\", \"dateReserved\": \"2026-03-19T19:21:21.967Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2026-04-09T20:04:26.208Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.