GPL Odorizers GPL750 Missing Authentication for Critical Function_CVE-2026-4436

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Description

A low-privileged remote attacker can send Modbus packets to manipulate
register values that are inputs to the odorant injection logic such that
too much or too little odorant is injected into a gas line.

AI Analysis

Missing authentication for critical function in GPL Odorizers GPL750 allows remote attackers to manipulate register values, potentially leading to incorrect odorant injection into a gas line.

Basic Information

ID CVE-2026-4436

Source icscert

Published Apr 9, 2026 at 20:04

Affected Product

Vendor GPL Odorizers

Product GPL750 (XL4)

Version v1.0

Affected Versions GPL Odorizers GPL750 (XL4) v1.0
GPL Odorizers GPL750 (XL4 Prime) v4.0
GPL Odorizers GPL Odorizers GPL750 (XL7) v13.0
GPL Odorizers GPL Odorizers GPL750 (XL7 Prime) v18.4

CWE Classification

CWE-306

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor GPL Odorizers

Product GPL750

Version v1.0, v4.0, v13.0, v18.4

References

{
    "lastseen": "",
    "description": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line.",
    "published": "2026-04-09T20:04:26.208Z",
    "modified": "2026-04-09T20:04:26.208Z",
    "type": "cve",
    "title": "GPL Odorizers GPL750 Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json",
    "id": "CVE-2026-4436",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "GPL Odorizers GPL750 (XL4) v1.0\nGPL Odorizers GPL750 (XL4 Prime) v4.0\nGPL Odorizers GPL Odorizers GPL750 (XL7) v13.0\nGPL Odorizers GPL Odorizers GPL750 (XL7 Prime) v18.4",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GPL750 (XL4)",
    "version": "v1.0",
    "vendor": "GPL Odorizers",
    "ai_description": "Missing authentication for critical function in GPL Odorizers GPL750 allows remote attackers to manipulate register values, potentially leading to incorrect odorant injection into a gas line.",
    "ai_severity": "High",
    "ai_vendor": "GPL Odorizers",
    "ai_product": "GPL750",
    "ai_version": "v1.0, v4.0, v13.0, v18.4",
    "ai_score": 8.6
}