{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4436", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-03-19T19:21:21.967Z", "datePublished": "2026-04-09T20:04:26.208Z", "dateUpdated": "2026-04-09T20:04:26.208Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-09T20:04:26.208Z"}, "title": "GPL Odorizers GPL750 Missing Authentication for Critical Function", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306", "type": "CWE"}]}], "affected": [{"vendor": "GPL Odorizers", "product": "GPL750 (XL4)", "versions": [{"status": "affected", "version": "v1.0", "lessThan": "v6.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "GPL Odorizers", "product": "GPL750 (XL4 Prime)", "versions": [{"status": "affected", "version": "v4.0", "lessThan": "v6.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "GPL Odorizers", "product": "GPL Odorizers GPL750 (XL7)", "versions": [{"status": "affected", "version": "v13.0", "lessThan": "v20.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "GPL Odorizers", "product": "GPL Odorizers GPL750 (XL7 Prime)", "versions": [{"status": "affected", "version": "v18.4", "lessThan": "v20.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."}]}], "references": [{"url": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}}], "solutions": [{"lang": "en", "value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\n https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm", "supportingMedia": [{"type": "text/html", "base64": false, "value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.<br><a href=\"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\" title=\"(opens in a new window)\">https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm</a>"}]}, {"lang": "en", "value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."}]}, {"lang": "en", "value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."}]}, {"lang": "en", "value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\n https://hornerautomation.com/controller-firmware/", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.<br><a href=\"https://hornerautomation.com/controller-firmware/\" title=\"(opens in a new window)\">https://hornerautomation.com/controller-firmware/</a>"}]}], "credits": [{"lang": "en", "value": "An anonymous researcher reported this vulnerability to CISA.", "type": "finder"}], "source": {"advisory": "ICSA-26-099-02", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."}], "id": "CVE-2026-4436", "lastModified": "2026-04-09T20:16:27.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-04-09T20:16:27.903", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[v1.0,v6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "GPL750 (XL4)", "source": "cna", "vendor": "GPL Odorizers"}, "product": "gpl750_(xl4)", "vendor": "gpl_odorizers"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[v4.0,v6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "GPL750 (XL4 Prime)", "source": "cna", "vendor": "GPL Odorizers"}, "product": "gpl750_(xl4_prime)", "vendor": "gpl_odorizers"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[v13.0,v20.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "GPL Odorizers GPL750 (XL7)", "source": "cna", "vendor": "GPL Odorizers"}, "product": "gpl_odorizers_gpl750_(xl7)", "vendor": "gpl_odorizers"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[v18.4,v20.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "GPL Odorizers GPL750 (XL7 Prime)", "source": "cna", "vendor": "GPL Odorizers"}, "product": "gpl_odorizers_gpl750_(xl7_prime)", "vendor": "gpl_odorizers"}], "analysis": {"en": {"generated_at": "2026-04-09T21:20:26.140458+00:00", "value": {"mitigation_remediation": ["Update the GPL750 firmware to the latest version provided by GPL Odorizers and Horner Automation, using firmware 15.76 for XL series or 17.30 for XL Prime series.", "Clear existing firmware files from the device\u2019s microSD card, keeping only the LOGS folder and the FIRMWARE.LIC file if a WebMI license exists.", "If users lack IT permissions, obtain preconfigured SD cards from GPL Odorizers and swap them into the odorizers prior to installation.", "Contact GPL Odorizers support (phone 303\u2011697\u20116701) for assistance or verification that the patch was applied correctly."], "summary": {"action": "Immediate Patch", "impact": "Control System Manipulation via Unauthorized Modbus Register Modification"}, "threat_synthesis": {"affected_systems": "Affected devices are the GPL Odorizers GPL750 series, specifically the XL4, XL4 Prime, XL7, and XL7 Prime models. Firmware updates\u2014Horner Automation version 15.76 for the XL series and version 17.30 for the XL Prime series\u2014are available through the vendor\u2019s repository. Administrators should remove older firmware files from the device\u2019s microSD card, retaining only the LOGS folder and the FIRMWARE.LIC file if a WebMI license is used. The compressed update package can be extracted to the root of the microSD card, or technicians can provide preconfigured SD cards if management lacks IT permissions.", "description_and_impact": "The vulnerability permits a low\u2011privileged attacker who can send Modbus packets to the GPL750-based odorizers to alter register values that control odorant injection. By modifying these values, the attacker can cause the device to inject either too much or too little odorant into a gas line, compromising the intended masking of hazardous substances and potentially exposing personnel and the environment to harmful conditions. The weakness corresponds to CWE\u2011306, missing authentication for a critical control function.", "risk_and_exploitability": "The impact is rated moderate to high with a CVSS score of 8.6. EPSS data is not provided and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote Modbus communication over the device\u2019s network interface or serial link; this inference is based on the description\u2019s mention of Modbus packet manipulation. Exploitation requires only low\u2011privilege access to the Modbus network, making the threat realistic in environments where these devices are not protected by network segmentation or authentication."}}}}, "created": "2026-04-10T08:38:39.088895+00:00", "updated": "2026-04-10T09:29:22.115848+00:00", "vendors": ["gpl_odorizers", "gpl_odorizers$PRODUCT$gpl750_(xl4)", "gpl_odorizers$PRODUCT$gpl750_(xl4_prime)", "gpl_odorizers$PRODUCT$gpl_odorizers_gpl750_(xl7)", "gpl_odorizers$PRODUCT$gpl_odorizers_gpl750_(xl7_prime)"]}