Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.
AnalysisAI
Unauthorized configuration tampering in SenseLive X3050 web management interface allows authenticated attackers to set critical system parameters (IP addressing, watchdog timers, reconnect intervals, service ports) to unsafe values, causing persistent device unavailability or operational instability. CISA ICS-CERT advisory confirms impact on industrial control systems. Network-accessible with low complexity (AV:N/AC:L) but requires low-privilege authentication (PR:L). High integrity and availability impact (VI:H/VA:H) with zero confidentiality impact. No public exploit identified at time of analysis.
Technical ContextAI
This vulnerability stems from CWE-862 (Missing Authorization), where the SenseLive X3050 web management interface fails to implement proper authorization checks and input validation on critical configuration endpoints. The affected product is an industrial IoT device per CPE string cpe:2.3:a:senselive:x3050. The CVSS 4.0 vector indicates high integrity and availability impact with network attack surface, suggesting the web interface accepts authenticated API calls or form submissions that modify device configuration without verifying parameter ranges, business logic constraints, or safety thresholds. Unlike typical input validation flaws that cause crashes, this missing authorization allows logically valid but operationally dangerous values (e.g., setting watchdog timeout to zero, binding critical services to unreachable IPs, configuring reconnect intervals that prevent recovery). The authentication bypass tag combined with PR:L suggests the interface either accepts low-privilege credentials or inadequately segregates administrative functions from standard user roles.
RemediationAI
Consult CISA ICS-CERT advisory ICSA-26-111-12 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12 for vendor-specific patch information and mitigation guidance. Contact SenseLive directly via https://senselive.io/contact for firmware updates addressing CWE-862 authorization controls. Until patched, implement network-level access controls: restrict web management interface access to dedicated management VLANs using firewall rules blocking TCP ports commonly used for web interfaces (80/443) from untrusted networks. Deploy multi-factor authentication if supported to raise authentication bar beyond PR:L. Enable configuration change logging and alerting to detect unauthorized parameter modifications. Consider disabling remote web interface entirely and requiring physical console access for configuration changes in high-security deployments, though this trades security for operational flexibility. Regularly audit user account privileges to ensure least-privilege access, preventing low-privilege accounts from accessing configuration endpoints. Note that network segmentation does not prevent insider threats or credential compromise scenarios.
Unauthenticated remote attackers can retrieve and replace firmware on SenseLive X3050 industrial control devices via the
SenseLive X3050's embedded management service grants full administrative control to unauthenticated remote attackers. Th
Client-side authentication bypass in SenseLive X3050's web management interface allows remote unauthenticated attackers
Authentication bypass in SenseLive X3050 web management interface allows remote unauthenticated attackers to gain admini
Remote unauthenticated attackers can permanently disable SenseLive X3050 industrial gateways and connected RS-485 downst
Unauthenticated network discovery in SenseLive X3050 management ecosystem exposes device presence, identifiers, and mana
Cross-Site Request Forgery in SenseLive X3050's web management interface enables authenticated attackers to force victim
SenseLive X3050 web management interface transmits all administrative communication including authentication credentials
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25363
GHSA-cg8c-rhc6-wgg5