CVE-2026-4436 | THREATINT

Description

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.

PUBLISHED Reserved 2026-03-19 | Published 2026-04-09 | Updated 2026-04-14 | Assigner icscert

HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Problem types

CWE-306

Product status

Default status

unaffected

v1.0 (custom) before v6.0

affected

Default status

unaffected

v4.0 (custom) before v6.0

affected

Default status

unaffected

v13.0 (custom) before v20.0

affected

Default status

unaffected

v18.4 (custom) before v20.0

affected

Credits

An anonymous researcher reported this vulnerability to CISA. finder

References

lincenergysystems-my.sharepoint.com/...YBFUb0lmr7ak?e=JLeADm

www.cisa.gov/news-events/ics-advisories/icsa-26-099-02

github.com/...p/csaf_files/OT/white/2026/icsa-26-099-02.json

cve.org (CVE-2026-4436)

nvd.nist.gov (CVE-2026-4436)

Download JSON