Home

Description

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.

PUBLISHED Reserved 2026-04-14 | Published 2026-04-23 | Updated 2026-04-24 | Assigner icscert




HIGH: 7.2CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

V1.523
affected

Credits

Jithin Nambiar J reported these vulnerabilities to CISA. finder

References

senselive.io/contact

www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

github.com/...p/csaf_files/OT/white/2026/icsa-26-111-12.json

cve.org (CVE-2026-40623)

nvd.nist.gov (CVE-2026-40623)

Download JSON