Search criteria
1 vulnerability by Welker
CVE-2026-24790 (GCVE-0-2026-24790)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:15 – Updated: 2026-02-20 18:59
VLAI?
Title
Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function
Summary
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
Severity ?
8.2 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Welker | OdorEyes EcoSystem Pulse Bypass System with XL4 Controller |
Affected:
All versions
|
Credits
A project sponsored by DHS S&T reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T18:57:49.840358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T18:59:34.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OdorEyes EcoSystem Pulse Bypass System with XL4 Controller",
"vendor": "Welker",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "A project sponsored by DHS S\u0026T reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication."
}
],
"value": "The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:15:21.374Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.welker.com/contact-us/welker-team"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-04.json"
}
],
"source": {
"advisory": "ICSA-26-050-04",
"discovery": "EXTERNAL"
},
"title": "Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Welker did not respond to CISA\u0027s attempts at coordination. Users of \nWelker OdorEyes devices are encouraged to contact Welker and keep their \nsystems up to date.\n\n\u003cbr\u003e"
}
],
"value": "Welker did not respond to CISA\u0027s attempts at coordination. Users of \nWelker OdorEyes devices are encouraged to contact Welker and keep their \nsystems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-24790",
"datePublished": "2026-02-20T16:15:21.374Z",
"dateReserved": "2026-02-05T19:05:16.840Z",
"dateUpdated": "2026-02-20T18:59:34.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}