Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing...

8.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Description

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.

Basic Information

ID CVE-2026-24790

Source icscert

Published Feb 20, 2026 at 16:15

Affected Product

Vendor Welker

Product OdorEyes EcoSystem Pulse Bypass System with XL4 Controller

Version All versions

Affected Versions Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller All versions

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.",
    "published": "2026-02-20T16:15:21.374Z",
    "modified": "2026-02-20T16:15:21.374Z",
    "type": "cve",
    "title": "Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://www.welker.com/contact-us/welker-team\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-050-04\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-04.json",
    "id": "CVE-2026-24790",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller All versions",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OdorEyes EcoSystem Pulse Bypass System with XL4 Controller",
    "version": "All versions",
    "vendor": "Welker",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function_CVE-2026-24790