Home

Description

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

PUBLISHED Reserved 2026-04-14 | Published 2026-04-23 | Updated 2026-04-24 | Assigner icscert




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-288 Authentication bypass using an alternate path or channel

Product status

Default status
unaffected

V1.523
affected

Credits

Jithin Nambiar J reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

github.com/...p/csaf_files/OT/white/2026/icsa-26-111-12.json

senselive.io/contact

cve.org (CVE-2026-40630)

nvd.nist.gov (CVE-2026-40630)

Download JSON