Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability exists in SenseLive
X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after legitimate user activity has ceased.
AnalysisAI
Improper session lifetime enforcement in SenseLive X3050's web management interface allows attackers with access to a previously authenticated session to maintain administrative access without re-authentication, potentially enabling unauthorized configuration changes or information disclosure. The vulnerability affects the product's session management mechanism, permitting extended session validity beyond legitimate user activity windows. CVSS 6.9 indicates moderate risk; exploitation requires prior session compromise but no special configuration.
Technical ContextAI
SenseLive X3050 is an industrial control system device with a web-based management interface. The vulnerability stems from CWE-613 (Insufficient Session Expiration), a session management flaw where the application fails to enforce proper session timeout policies or adequately validate session state during user interactions. The web interface likely maintains authenticated session tokens (cookies or similar mechanisms) without enforcing expiration thresholds or re-authentication challenges for sensitive operations. This is particularly critical in ICS/OT environments where administrative sessions control device configuration, potentially affecting grid stability or sensor network integrity.
RemediationAI
Contact SenseLive via senselive.io/contact for patch availability and specific remediation guidance, as no vendor-released patch version is confirmed in available data. Implement session timeout policies on the X3050 device: configure maximum session lifetime to a defensible threshold (e.g., 15-30 minutes of inactivity for administrative sessions, shorter for high-privilege operations), enforce re-authentication for sensitive administrative functions (configuration changes, user management), and deploy network segmentation to restrict web management interface access to trusted administrative networks only, using firewall rules or VLANs to isolate the device from untrusted segments. Enable session logging and audit trails to detect anomalous administrative activity. Monitor CISA ICS Advisory ICSA-26-111-12 for patched firmware versions and vendor updates. These compensating controls reduce but do not eliminate risk if prior session compromise has occurred.
More in X3500 Firmware
View allSame weakness CWE-613 – Insufficient Session Expiration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25348
GHSA-hjc2-p4mc-rcpr