A missing-authentication vulnerability (CVE-2026-24790) in Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller could allow unauthorized actions that result in over- or under-odorization events. CISA rates this issue CVSS v3 8.2 and recommends isolating control networks, minimizing internet exposure, using updated VPNs and firewalls, and following ICS defense-in-depth guidance to mitigate risk; no public exploitation has been reported. #WelkerOdorEyes #CVE-2026-24790
Keypoints
- The vulnerability affects Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller (CVE-2026-24790).
- The issue is classified as Missing Authentication for Critical Function with a CVSS v3 score of 8.2.
- Successful exploitation could cause over- or under-odorization, impacting safety and operations.
- Critical infrastructure sectors at risk include Chemical, Critical Manufacturing, Energy, and Food and Agriculture.
- CISA advises minimizing network exposure, isolating control systems behind firewalls, using updated VPNs, and following ICS best practices.
Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-04