CVE 9.3 CRITICAL

SenseLive X3050 Missing authentication for critical function_CVE-2026-40620

April 23, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.

AI Analysis

Unauthenticated access to administrative control of SenseLive X3050 devices

Basic Information

ID CVE-2026-40620

Source icscert

Published Apr 24, 2026 at 00:02

Affected Product

Vendor SenseLive

Product X3050

Version V1.523

Affected Versions SenseLive X3050 V1.523

CWE Classification

CWE-306

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SenseLive

Product SenseLive X3050

Version V1.523

References

{
    "lastseen": "",
    "description": "A vulnerability in\u00a0SenseLive\u00a0X3050\u2019s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.",
    "published": "2026-04-24T00:02:57.571Z",
    "modified": "2026-04-24T00:02:57.571Z",
    "type": "cve",
    "title": "SenseLive X3050 Missing authentication for critical function",
    "source": "icscert",
    "references": "https://senselive.io/contact\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json",
    "id": "CVE-2026-40620",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "SenseLive X3050 V1.523",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X3050",
    "version": "V1.523",
    "vendor": "SenseLive",
    "ai_description": "Unauthenticated access to administrative control of SenseLive X3050 devices",
    "ai_severity": "Critical",
    "ai_vendor": "SenseLive",
    "ai_product": "SenseLive X3050",
    "ai_version": "V1.523",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply