CVE 8.7 HIGH

SenseLive X3050 Missing authentication for critical function_CVE-2026-35064

April 23, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.

AI Analysis

Unauthenticated discovery of deployed units through the vendor's management protocol

Basic Information

ID CVE-2026-35064

Source icscert

Published Apr 24, 2026 at 00:04

Affected Product

Vendor SenseLive

Product X3050

Version V1.523

Affected Versions SenseLive X3050 V1.523

CWE Classification

CWE-306

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor SenseLive

Product SenseLive X3050

Version V1.523

References

{
    "lastseen": "",
    "description": "A vulnerability in\u00a0SenseLive\u00a0X3050\u2019s management ecosystem allows unauthenticated discovery of deployed units through the vendor\u2019s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.",
    "published": "2026-04-24T00:04:30.693Z",
    "modified": "2026-04-24T00:04:30.693Z",
    "type": "cve",
    "title": "SenseLive X3050 Missing authentication for critical function",
    "source": "icscert",
    "references": "https://senselive.io/contact\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json",
    "id": "CVE-2026-35064",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "SenseLive X3050 V1.523",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X3050",
    "version": "V1.523",
    "vendor": "SenseLive",
    "ai_description": "Unauthenticated discovery of deployed units through the vendor's management protocol",
    "ai_severity": "High",
    "ai_vendor": "SenseLive",
    "ai_product": "SenseLive X3050",
    "ai_version": "V1.523",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply