Skip to main content

Gpl750 Xl4 CVE-2026-4436

| EUVDEUVD-2026-21066 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-04-09 icscert GHSA-frgm-v97w-x7w6
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 09, 2026 - 20:15 euvd
EUVD-2026-21066
Analysis Generated
Apr 09, 2026 - 20:15 vuln.today
CVE Published
Apr 09, 2026 - 20:04 nvd
HIGH 8.6

DescriptionCVE.org

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.

AnalysisAI

Unauthenticated remote attackers can manipulate Modbus register inputs in GPL Odorizers GPL750 industrial control systems (XL4, XL4 Prime, XL7, XL7 Prime variants across versions 1.0-20.0), causing incorrect odorant injection volumes into natural gas distribution pipelines. Authentication bypass (CWE-306) via network-accessible Modbus interface permits direct register value tampering without credential validation, enabling safety-critical process manipulation. No public exploit identified at time of analysis.

Technical ContextAI

Missing authentication on Modbus TCP/IP protocol implementation allows unrestricted register write operations. CVSS vector confirms network attack vector with no authentication requirement (PR:N). CWE-306 authentication bypass permits direct manipulation of PLC registers controlling odorant injection pump rates and volume calculations in industrial gas odorization equipment.

RemediationAI

Vendor-released patch: upgrade GPL750 (XL4) and (XL4 Prime) to v6.0 or later; upgrade GPL750 (XL7) and (XL7 Prime) to v20.0 or later per CISA advisory. Until patching, implement network segmentation isolating Modbus interfaces from untrusted networks, deploy industrial firewalls with strict IP whitelisting for PLC access, and enable authentication mechanisms on upstream SCADA/HMI systems. Monitor Modbus traffic for unexpected register write operations to addresses controlling odorant injection parameters. Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02

Share

CVE-2026-4436 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy