Machine-generated analysis · WAYSCloud LLM
Vendor did not respond to coordination requests. Ten distinct CVEs affect a single firmware version.
Context
SenseLive X3050 is an IoT device used in critical infrastructure sectors including manufacturing, water, and energy. The advisory states that exploitation could allow complete device takeover due to multiple authentication and session management flaws. The vendor did not participate in coordination, and the advisory lists ten separate CVEs affecting only firmware version V1.523.
Operator considerations
Check: Inventory for SenseLive X3050 devices running firmware V1.523
Isolate: Segment X3050 devices from critical networks and restrict web interface access
Patch: Contact vendor at https://senselive.io/contact as no patch information is provided
Log: Monitor for unauthorized access attempts to device configuration endpoints
Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device.
The following versions of SenseLive X3050 are affected:
X3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE-2026-40623, CVE-2026-27841, CVE-2026-40620, CVE-2026-35064, CVE-2026-25775)
Vendor: SenseLive
Equipment: SenseLive X3050
Authentication Bypass Using an Alternate Path or Channel, Insufficient Session Expiration, Use of Hard-coded Credentials, Insufficiently Protected Credentials, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information, Missing Authorization, Cross-Site Request Forgery (CSRF)
Critical Infrastructure Sectors: Critical Manufacturing, Water and Wastewater, Energy, Information Technology
Countries/Areas Deployed: Worldwide
Company Headquarters Locati...