Skip to main content

SenseLive X3050 CVE-2026-39462

| EUVDEUVD-2026-25360 CRITICAL
Insufficiently Protected Credentials (CWE-522)
2026-04-23 icscert GHSA-fvx4-mqf9-ccvh
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 24, 2026 - 14:52 vuln.today
cvss_changed
Analysis Generated
Apr 24, 2026 - 00:47 vuln.today
Severity Changed
Apr 24, 2026 - 00:22 NVD
HIGH CRITICAL
CVSS changed
Apr 24, 2026 - 00:22 NVD
8.1 (HIGH) 9.3 (CRITICAL)
EUVD ID Assigned
Apr 24, 2026 - 00:15 euvd
EUVD-2026-25360
Analysis Generated
Apr 24, 2026 - 00:15 vuln.today
CVE Published
Apr 23, 2026 - 23:52 nvd
CRITICAL 9.3

DescriptionCVE.org

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.

AnalysisAI

Authentication bypass in SenseLive X3050 web management interface allows remote unauthenticated attackers to gain administrative access using default or previously-set credentials. After factory restore via SenseLive Config 2.0 tool, password updates fail to propagate correctly - the interface falsely reports success while the backend continues accepting old credentials. CISA ICS-CERT has issued an advisory (ICSA-26-111-12), indicating this affects industrial control system deployments. With CVSS 9.3 (AV:N/AC:L/PR:N) and CWE-522 (Insufficiently Protected Credentials), this represents critical risk for remotely accessible devices where administrators believe credentials have been changed but remain exploitable.

Technical ContextAI

This vulnerability affects the SenseLive X3050 web management interface, an industrial control system component. The root cause is CWE-522 (Insufficiently Protected Credentials), indicating the credential storage or update mechanism fails to properly enforce password changes. The vulnerability manifests specifically after using the SenseLive Config 2.0 configuration tool to perform factory restores. The web interface's frontend and backend are improperly synchronized - the UI layer reports successful password updates while the authentication backend fails to commit the new credentials to persistent storage or continues validating against stale credential databases. This represents a fundamental flaw in the credential lifecycle management process, where state transitions (factory reset, password change) do not atomically update all authentication enforcement points. CVSS 4.0 vector indicates network-accessible attack surface with no complexity barriers, affecting an industrial automation/building management system product per CPE classification.

RemediationAI

Primary action: Contact SenseLive immediately via https://senselive.io/contact to obtain patched firmware addressing credential update enforcement in post-factory-reset scenarios. Monitor CISA advisory ICSA-26-111-12 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12 and CSAF file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json for vendor patch announcements and updated remediation guidance. Immediate compensating controls until patch deployment: (1) Isolate all X3050 devices from internet access and restrict to dedicated management VLANs with strict firewall rules permitting only authorized administrator IPs. (2) After any password change operation, independently verify credential enforcement by attempting login with previous passwords from separate workstation - if old credentials still work, the device remains compromised and must be isolated. (3) Implement network-based authentication logging and alerting to detect unauthorized access attempts using default credentials. (4) If factory reset is required for operational reasons, assume device credentials remain in compromised state and maintain network isolation until vendor-confirmed fix is applied. Trade-off: Network isolation may impair remote monitoring capabilities but is necessary given authentication bypass severity. Do not rely on web interface success messages for password updates - always verify through independent authentication testing.

Share

CVE-2026-39462 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy