Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.
AnalysisAI
Authentication bypass in SenseLive X3050 web management interface allows remote unauthenticated attackers to gain administrative access using default or previously-set credentials. After factory restore via SenseLive Config 2.0 tool, password updates fail to propagate correctly - the interface falsely reports success while the backend continues accepting old credentials. CISA ICS-CERT has issued an advisory (ICSA-26-111-12), indicating this affects industrial control system deployments. With CVSS 9.3 (AV:N/AC:L/PR:N) and CWE-522 (Insufficiently Protected Credentials), this represents critical risk for remotely accessible devices where administrators believe credentials have been changed but remain exploitable.
Technical ContextAI
This vulnerability affects the SenseLive X3050 web management interface, an industrial control system component. The root cause is CWE-522 (Insufficiently Protected Credentials), indicating the credential storage or update mechanism fails to properly enforce password changes. The vulnerability manifests specifically after using the SenseLive Config 2.0 configuration tool to perform factory restores. The web interface's frontend and backend are improperly synchronized - the UI layer reports successful password updates while the authentication backend fails to commit the new credentials to persistent storage or continues validating against stale credential databases. This represents a fundamental flaw in the credential lifecycle management process, where state transitions (factory reset, password change) do not atomically update all authentication enforcement points. CVSS 4.0 vector indicates network-accessible attack surface with no complexity barriers, affecting an industrial automation/building management system product per CPE classification.
RemediationAI
Primary action: Contact SenseLive immediately via https://senselive.io/contact to obtain patched firmware addressing credential update enforcement in post-factory-reset scenarios. Monitor CISA advisory ICSA-26-111-12 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12 and CSAF file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json for vendor patch announcements and updated remediation guidance. Immediate compensating controls until patch deployment: (1) Isolate all X3050 devices from internet access and restrict to dedicated management VLANs with strict firewall rules permitting only authorized administrator IPs. (2) After any password change operation, independently verify credential enforcement by attempting login with previous passwords from separate workstation - if old credentials still work, the device remains compromised and must be isolated. (3) Implement network-based authentication logging and alerting to detect unauthorized access attempts using default credentials. (4) If factory reset is required for operational reasons, assume device credentials remain in compromised state and maintain network isolation until vendor-confirmed fix is applied. Trade-off: Network isolation may impair remote monitoring capabilities but is necessary given authentication bypass severity. Do not rely on web interface success messages for password updates - always verify through independent authentication testing.
Unauthenticated remote attackers can retrieve and replace firmware on SenseLive X3050 industrial control devices via the
SenseLive X3050's embedded management service grants full administrative control to unauthenticated remote attackers. Th
Client-side authentication bypass in SenseLive X3050's web management interface allows remote unauthenticated attackers
Remote unauthenticated attackers can permanently disable SenseLive X3050 industrial gateways and connected RS-485 downst
Unauthenticated network discovery in SenseLive X3050 management ecosystem exposes device presence, identifiers, and mana
Cross-Site Request Forgery in SenseLive X3050's web management interface enables authenticated attackers to force victim
Unauthorized configuration tampering in SenseLive X3050 web management interface allows authenticated attackers to set c
SenseLive X3050 web management interface transmits all administrative communication including authentication credentials
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25360
GHSA-fvx4-mqf9-ccvh