THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesApr 21, 2026

SenseLive X3050

CISA discloses 11 critical vulnerabilities in SenseLive X3050 ICS gateway affecting authentication and control.

Read at source

Summary

CISA released an advisory (ICSA-26-111-12) detailing 11 vulnerabilities in SenseLive X3050 V1.523, a critical infrastructure gateway deployed worldwide in manufacturing, water/wastewater, energy, and IT sectors. The flaws enable complete device takeover through multiple attack vectors including authentication bypass, hardcoded credentials, missing authorization, cleartext transmission, and CSRF. SenseLive did not respond to CISA coordination requests, leaving affected organizations without vendor remediation guidance.

Full text

ICS Advisory SenseLive X3050 Release DateApril 21, 2026 Alert CodeICSA-26-111-12 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. The following versions of SenseLive X3050 are affected: X3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE-2026-40623, CVE-2026-27841, CVE-2026-40620, CVE-2026-35064, CVE-2026-25775) CVSS Vendor Equipment Vulnerabilities v3 9.8 SenseLive SenseLive X3050 Authentication Bypass Using an Alternate Path or Channel, Insufficient Session Expiration, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information, Missing Authorization, Cross-Site Request Forgery (CSRF) Background Critical Infrastructure Sectors: Critical Manufacturing, Water and Wastewater, Energy, Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: India Vulnerabilities Expand All + CVE-2026-40630 A vulnerability in the X3050's web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions. View CVE Details Affected Products SenseLive X3050 Vendor:SenseLive Product Version:SenseLive X3050: V1.523 Product Status:known_affected Remediations MitigationSenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contacthttps://senselive.io/contact Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-25720 A vulnerability exists in the X3050's web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after legitimate user activity has ceased. View CVE Details Affected Products SenseLive X3050 Vendor:SenseLive Product Version:SenseLive X3050: V1.523 Product Status:known_affected Remediations MitigationSenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contacthttps://senselive.io/contact Relevant CWE: CWE-613 Insufficient Session Expiration Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2026-35503 A vulnerability in the X3050's web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality. View CVE Details Affected Products SenseLive X3050 Vendor:SenseLive Product Version:SenseLive X3050: V1.523 Product Status:known_affected Remediations MitigationSenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contacthttps://senselive.io/contact Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-39462 A vulnerability exists in the X3050's web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly. View CVE Details Affected Products SenseLive X3050 Vendor:SenseLive Product Version:SenseLive X3050: V1.523 Product Status:known_affected Remediations MitigationSenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contacthttps://senselive.io/contact Relevant CWE: CWE-522 Insufficiently Protected Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-27843 A vulnerability exists in the X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the device lacks a physical reset button, recovery requires specialized technical access via the console to perform a factory reset, resulting in a total denial-of-service for the gateway and its connected RS-485 downstream systems. View CVE Details Affected Products SenseLive X3050 Vendor:SenseLive Product Version:SenseLive X3050: V1.523 Product Status:known_affected Remediations MitigationSenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contacthttps://senselive.io/contact Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2026-40431 A vulnerability exists in the X3050's web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information. View CVE Details Affected Products SenseLive X3050 Vendor:SenseLive Product Version:SenseLive X3050: V1.523 Product Status:known_affected Remediations MitigationSenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contacthttps://senselive.io/contact Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-40623 A vulnerability in the X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable. View CVE Details Affected Products SenseLive X3050 Vendor:SenseLive Product Version:SenseLive X3050: V1.523 Product Status:known_affected Remediations MitigationSenseLive did not respond to CISA's requests to coordinate. Affected users are encour

Indicators of Compromise

  • cve — CVE-2026-40630
  • cve — CVE-2026-25720
  • cve — CVE-2026-35503
  • cve — CVE-2026-39462
  • cve — CVE-2026-27843
  • cve — CVE-2026-40431
  • cve — CVE-2026-40623
  • cve — CVE-2026-27841
  • cve — CVE-2026-40620
  • cve — CVE-2026-35064
  • cve — CVE-2026-25775

Entities

SenseLive X3050 (product)SenseLive Config 2.0 (product)SenseLive (vendor)RS-485 (technology)