Home

Description

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.

PUBLISHED Reserved 2026-04-14 | Published 2026-04-24 | Updated 2026-04-24 | Assigner icscert




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-306 Missing authentication for critical function

Product status

Default status
unaffected

V1.523
affected

Credits

Jithin Nambiar J reported these vulnerabilities to CISA. finder

References

senselive.io/contact

www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

github.com/...p/csaf_files/OT/white/2026/icsa-26-111-12.json

cve.org (CVE-2026-35064)

nvd.nist.gov (CVE-2026-35064)

Download JSON