CVE-2026-4436

Summary

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.

Affected Software

VendorProductVersion RangeStatus
GPL OdorizersGPL750 (XL4)v1.0 < v6.0affected
GPL OdorizersGPL750 (XL4 Prime)v4.0 < v6.0affected
GPL OdorizersGPL Odorizers GPL750 (XL7)v13.0 < v20.0affected
GPL OdorizersGPL Odorizers GPL750 (XL7 Prime)v18.4 < v20.0affected

Weaknesses

  • CWE-306: CWE-306

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References