Description
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.
Published: 2026-04-23
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Configuration Modification
Action: Contact Vendor
AI Analysis

Impact

A flaw in SenseLive X3050's web management interface permits modification of critical configuration parameters without proper authorization or validation, as identified by CWE-862. Attackers who can reach the web interface can change IP addressing, watchdog timer settings, reconnect intervals, and service ports to unsupported or unsafe values, directly affecting core device behaviour and recovery mechanisms. This can destabilize the device or render it persistently unavailable, causing denial of service to the protected processes.

Affected Systems

Only the SenseLive X3050 industrial control product is listed as affected. No specific firmware or software version information is provided, so all variants of the X3050 are potentially vulnerable until a vendor statement clarifies otherwise.

Risk and Exploitability

The CVSS score of 7.2 indicates significant impact from this flaw. The EPSS score is below 1% and the vulnerability is not included in CISA’s KEV catalog, suggesting a relatively low probability of widespread exploitation at present. However, the attack requires access to the device’s web management interface – a remote yet privileged exposure – and the lack of sufficient validation makes the configuration changes deterministic and repeatable. If an attacker gains this access, they can immediately alter the controlled parameters and cause operational disruption.

Generated by OpenCVE AI on April 28, 2026 at 14:32 UTC.

Remediation

Vendor Solution

SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact

OpenCVE Recommended Actions

  • Reach out to SenseLive support at https://senselive.io/contact for guidance and any available patch.
  • Restrict the web management interface to a narrow set of trusted administrators using firewall rules or network segmentation to block external access.
  • Apply any vendor‑issued update that adds proper authorization checks to the configuration handling routines when it becomes available.

Generated by OpenCVE AI on April 28, 2026 at 14:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Senselive x3500
Senselive x3500 Firmware
CPEs cpe:2.3:h:senselive:x3500:-:*:*:*:*:*:*:*
cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:*
Vendors & Products Senselive x3500
Senselive x3500 Firmware

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Senselive
Senselive x3050
Vendors & Products Senselive
Senselive x3050

Fri, 24 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.
Title SenseLive X3050 Missing Authorization
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Senselive X3050 X3500 X3500 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-24T18:18:37.202Z

Reserved: 2026-04-14T15:57:14.970Z

Link: CVE-2026-40623

cve-icon Vulnrichment

Updated: 2026-04-24T17:05:43.385Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T00:16:28.860

Modified: 2026-04-28T19:02:30.653

Link: CVE-2026-40623

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:45:16Z

Weaknesses