Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device.
AnalysisAI
Cross-Site Request Forgery in SenseLive X3050's web management interface enables authenticated attackers to force victims into executing unauthorized configuration changes and potentially disruptive operations. A remote attacker with low privileges can craft malicious web pages that, when visited by an authenticated administrator, trigger state-changing requests without the victim's knowledge, leading to high integrity and availability impact on the device. CISA ICS-CERT has issued an advisory (ICSA-26-111-12) for this industrial control system component, indicating coordination with the vendor and awareness within the critical infrastructure community.
Technical ContextAI
This vulnerability affects the web-based management interface of SenseLive X3050, an industrial sensing and monitoring device. The root cause is CWE-352 (Cross-Site Request Forgery), a web security weakness where applications fail to verify that requests originate from legitimate sources. Modern web frameworks typically defend against CSRF through synchronizer tokens (unique per-session values embedded in forms), double-submit cookies, or SameSite cookie attributes. The X3050's interface lacks these protections entirely and performs no server-side validation of request origin headers (Referer/Origin), allowing attackers to craft HTML forms or JavaScript on external domains that submit authenticated requests to the device. The CVSS 4.0 vector indicates network-based attack vector with low complexity and no attack complexity modifiers, requiring only low privileges (an authenticated session cookie) but no user interaction beyond visiting a malicious page-the browser automatically includes authentication cookies in cross-site requests unless explicitly prevented.
RemediationAI
Consult CISA ICS-CERT advisory ICSA-26-111-12 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12) and vendor CSAF document (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json) for official patched firmware versions and upgrade instructions-patch availability not confirmed from provided data, contact SenseLive (https://senselive.io/contact) for fix status. Until patched, implement network-level compensating controls: restrict management interface access to dedicated admin workstations on isolated VLANs with no internet access, deploy web proxies that enforce SameSite=Strict cookie policies if supported, and block cross-origin requests to device IP ranges at network perimeter. Configure web browsers used for device administration with extensions that require explicit confirmation for cross-origin POST requests, though this degrades usability and relies on human vigilance. Train administrators never to browse untrusted websites from systems or network segments with access to industrial control devices. These workarounds reduce but do not eliminate risk, as sophisticated attackers may compromise admin workstations directly or exploit trust relationships within the isolated network.
Unauthenticated remote attackers can retrieve and replace firmware on SenseLive X3050 industrial control devices via the
SenseLive X3050's embedded management service grants full administrative control to unauthenticated remote attackers. Th
Client-side authentication bypass in SenseLive X3050's web management interface allows remote unauthenticated attackers
Authentication bypass in SenseLive X3050 web management interface allows remote unauthenticated attackers to gain admini
Remote unauthenticated attackers can permanently disable SenseLive X3050 industrial gateways and connected RS-485 downst
Unauthenticated network discovery in SenseLive X3050 management ecosystem exposes device presence, identifiers, and mana
Unauthorized configuration tampering in SenseLive X3050 web management interface allows authenticated attackers to set c
SenseLive X3050 web management interface transmits all administrative communication including authentication credentials
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25352
GHSA-245p-p394-pw8w