CVE-2026-24790

Summary

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.

Affected Software

VendorProductVersion RangeStatus
WelkerOdorEyes EcoSystem Pulse Bypass System with XL4 ControllerAll versionsaffected

Weaknesses

  • CWE-306: CWE-306

Workarounds

Welker did not respond to CISA's attempts at coordination. Users of Welker OdorEyes devices are encouraged to contact Welker and keep their systems up to date.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References