SenseLive X3050 EUVD-2026-25361

| CVE-2026-40431 MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2026-04-23 icscert GHSA-49v9-j5ff-rj5w
Information Disclosure X3050
6.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 24, 2026 - 00:48 vuln.today
CVSS changed
Apr 24, 2026 - 00:22 NVD
5.3 (MEDIUM) 6.9 (MEDIUM)

DescriptionNVD

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information.

AnalysisAI

SenseLive X3050 web management interface transmits all administrative communication including authentication credentials and configuration data over unencrypted HTTP, allowing network-adjacent attackers to intercept sensitive operational information without authentication or user interaction. The vulnerability affects all versions of the X3050 and is classified as information disclosure with confirmed CISA ICS advisory coverage.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-25361 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy