Risk Summary
Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which would result in too much or too little odorant being injected into a gas line.
CVEs (1)
Remediations
- GPL Odorizers recommends users update to the latest software version of the GPL750 in connection with the latest firmware from Horner Automation for the XL4, XL4 Prime, XL7, and XL7 Prime devices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.
- GPL Odorizers recommends users clear the old files from their microSD cards, keeping only the LOGS folder and the FIRMWARE.LIC file if they have a WebMI license. The compressed folder downloaded from the link above can then be extracted to the root directory of the microSD card. These files already include the corresponding firmware update. If users do not have IT permissions to access their microSD cards, GPL Odorizers can provide preconfigured SD cards that technicians can simply swap into their odorizers prior to installation.
- For assistance in updating GPL Odorizers to the latest version, users should reach out to GPL Odorizers directly via phone number (303) 697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST.
- Horner Automation offers firmware version 15.76 for their XL Series and version 17.30 for their XL Prime Series controllers https://hornerautomation.com/controller-firmware/. An installation guide is available for both the XL series and the XL Prime series.
Affected Vendors
GPL Odorizers
Affected Products (4)
GPL Odorizers
·
GPL750 (XL4)
>=v1.0|<v6.0
GPL Odorizers
·
GPL750 (XL4 Prime)
>=v4.0|<v6.0
GPL Odorizers
·
GPL750 (XL7)
>=v13.0|<v20.0
GPL Odorizers
·
GPL750 (XL7 Prime)
>=v18.4|<v20.0
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more