CISA 2026-04-09

GPL Odorizers GPL750

CVE-2026-4436

Machine-generated analysis · WAYSCloud LLM

The advisory indicates that low-privileged remote attackers can manipulate odorant injection logic via Modbus packets. This may affect gas line safety by causing improper odorant levels.

Context

The GPL750 is an odorizer system used in critical manufacturing sectors to inject odorant into gas lines for leak detection. The advisory states that missing authentication allows remote manipulation of register values controlling odorant injection. The vulnerability affects multiple versions across XL4 and XL7 product lines with specific version ranges provided.

Operator considerations

Check: Inventory all GPL750 devices for affected versions (XL4 >=v1.0|<v6.0, XL4 Prime >=v4.0|<v6.0, XL7 >=v13.0|<v20.0, XL7 Prime >=v18.4|<v20.0)
Isolate: Restrict Modbus access to these devices to trusted networks only
Patch: Update to latest software version using firmware from Horner Automation via provided Sharepoint link
Log: Monitor for unauthorized Modbus traffic to port 502

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which would result in too much or too little odorant being injected into a gas line.

The following versions of GPL Odorizers GPL750 are affected:

GPL750 (XL4) >=v1.0|

GPL750 (XL4 Prime) >=v4.0|

GPL750 (XL7) >=v13.0|

GPL750 (XL7 Prime) >=v18.4|

Vendor

Equipment

GPL Odorizers

GPL Odorizers GPL750

Missing Authentication for Critical Function

Critical Infrastructure Sectors: Critical Manufacturing

Countries/Areas Deployed: Worldwide

Company Headquarters Location: United States

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.

GPL Odorizers GPL750

Read the full advisory on CISA →