HIGHCVE-2026-4436Published Modified CNA icscert
CVE-2026-4436: GPL Odorizers GPL750 Missing Authentication for Critical Function
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.
Metrics
- CVSS v3.1
- 8.6
- Severity
- HIGH
- Fixed in
- v20.0
- Affected Products
- 4
Fix available
v20.0v6.0
Affected packages
- GPL Odorizers / GPL750 (XL4)< v6.0 (from v1.0)
- GPL Odorizers / GPL750 (XL4 Prime)< v6.0 (from v4.0)
- GPL Odorizers / GPL Odorizers GPL750 (XL7)< v20.0 (from v13.0)
- GPL Odorizers / GPL Odorizers GPL750 (XL7 Prime)< v20.0 (from v18.4)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N