Skip to main content

SenseLive X3050 CVE-2026-27841

| EUVDEUVD-2026-25352 HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-04-24 icscert GHSA-245p-p394-pw8w
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 14:52 vuln.today
cvss_changed
Analysis Generated
Apr 24, 2026 - 00:47 vuln.today
CVSS changed
Apr 24, 2026 - 00:22 NVD
8.1 (HIGH) 8.4 (HIGH)
EUVD ID Assigned
Apr 24, 2026 - 00:15 euvd
EUVD-2026-25352
Analysis Generated
Apr 24, 2026 - 00:15 vuln.today
CVE Published
Apr 24, 2026 - 00:00 nvd
HIGH 8.4

DescriptionCVE.org

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device.

AnalysisAI

Cross-Site Request Forgery in SenseLive X3050's web management interface enables authenticated attackers to force victims into executing unauthorized configuration changes and potentially disruptive operations. A remote attacker with low privileges can craft malicious web pages that, when visited by an authenticated administrator, trigger state-changing requests without the victim's knowledge, leading to high integrity and availability impact on the device. CISA ICS-CERT has issued an advisory (ICSA-26-111-12) for this industrial control system component, indicating coordination with the vendor and awareness within the critical infrastructure community.

Technical ContextAI

This vulnerability affects the web-based management interface of SenseLive X3050, an industrial sensing and monitoring device. The root cause is CWE-352 (Cross-Site Request Forgery), a web security weakness where applications fail to verify that requests originate from legitimate sources. Modern web frameworks typically defend against CSRF through synchronizer tokens (unique per-session values embedded in forms), double-submit cookies, or SameSite cookie attributes. The X3050's interface lacks these protections entirely and performs no server-side validation of request origin headers (Referer/Origin), allowing attackers to craft HTML forms or JavaScript on external domains that submit authenticated requests to the device. The CVSS 4.0 vector indicates network-based attack vector with low complexity and no attack complexity modifiers, requiring only low privileges (an authenticated session cookie) but no user interaction beyond visiting a malicious page-the browser automatically includes authentication cookies in cross-site requests unless explicitly prevented.

RemediationAI

Consult CISA ICS-CERT advisory ICSA-26-111-12 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12) and vendor CSAF document (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json) for official patched firmware versions and upgrade instructions-patch availability not confirmed from provided data, contact SenseLive (https://senselive.io/contact) for fix status. Until patched, implement network-level compensating controls: restrict management interface access to dedicated admin workstations on isolated VLANs with no internet access, deploy web proxies that enforce SameSite=Strict cookie policies if supported, and block cross-origin requests to device IP ranges at network perimeter. Configure web browsers used for device administration with extensions that require explicit confirmation for cross-origin POST requests, though this degrades usability and relies on human vigilance. Train administrators never to browse untrusted websites from systems or network segments with access to industrial control devices. These workarounds reduce but do not eliminate risk, as sophisticated attackers may compromise admin workstations directly or exploit trust relationships within the isolated network.

Share

CVE-2026-27841 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy