SenseLive X3050 Flaws Allow Unauthenticated Admin Access and Persistent Device Lockout
Multiple high-severity vulnerabilities in the SenseLive X3050 industrial gateway expose its web and embedded management interfaces to unauthenticated or improperly authorized remote access. The issues, tracked as CVE-2026-40620, CVE-2026-40630, CVE-2026-40623, and CVE-2026-27843, include missing authentication for critical functions, authentication bypass via an alternate path or channel, and missing authorization. Collectively, the flaws allow attackers with network reachability to access sensitive configuration endpoints, gain administrative control of the configuration application, and change operational modes, service ports, watchdog timers, reconnect intervals, IP settings, and other critical parameters.
The reported impact spans confidentiality, integrity, and availability, with CVSS scoring indicating network-exploitable, low-complexity attacks and high-severity outcomes. Successful exploitation can destabilize the gateway, cause persistent denial of service, and, in the case of CVE-2026-27843, lock the device into a state that also disrupts connected RS-485 downstream systems. Recovery may be especially difficult because the X3050 reportedly lacks a physical reset button, so a factory reset after destructive configuration changes requires specialized console access.
Timeline
Apr 24, 2026: CVE-2026-40630 assigned for SenseLive X3050 auth bypass
CVE-2026-40630 was assigned to an authentication bypass vulnerability in the SenseLive X3050 web management interface that allows network-accessible attackers to reach sensitive configuration endpoints without authorization.
Apr 24, 2026: CVE-2026-27843 assigned for lockout-causing config flaw
CVE-2026-27843 was assigned to a missing-authentication flaw in the SenseLive X3050 web management interface that lets an unauthenticated attacker set disruptive values, potentially causing persistent lockout and denial of service requiring a console-based factory reset.
Apr 24, 2026: CVE-2026-40623 assigned for unsafe configuration changes
CVE-2026-40623 was assigned to a missing-authorization issue in the SenseLive X3050 web management interface that permits modification of critical system and network settings, potentially destabilizing the device or making it unavailable.
Apr 24, 2026: CVE-2026-40620 assigned for unauthenticated admin access
CVE-2026-40620 was assigned to a missing-authentication flaw in the SenseLive X3050 embedded management service that allows a remote unauthenticated attacker to gain full administrative control over the configuration application.
Apr 24, 2026: ICS-CERT receives four SenseLive X3050 vulnerability reports
On April 24, 2026, ICS-CERT/CISA received multiple vulnerability reports affecting the SenseLive X3050, including authentication bypass, missing authentication, and missing authorization flaws in its web and embedded management interfaces.
Related Stories

Critical RCE and Default Password Flaws Disclosed in Silex SD-330AC and AMC Manager
Two serious vulnerabilities disclosed in Silex Technology's **SD-330AC** and **AMC Manager** expose devices to remote compromise and unauthorized reconfiguration. The most severe issue, `CVE-2026-32956`, is a **heap-based buffer overflow** in redirect URL processing that can enable **arbitrary code execution** over the network without authentication or user interaction. The flaw is tracked as `CWE-122` and carries a critical `CVSS v3.1` vector of `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, indicating that full compromise of confidentiality, integrity, and availability is possible. A second flaw, `CVE-2026-32965`, affects devices left in their **factory-default state** and allows them to be configured with a **null string password**, creating an insecure initialization condition. Classified as `CWE-1188`, the vulnerability is network-accessible and primarily threatens device integrity, with a `CVSS v3.1` vector of `AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N`. The issues were reported through **JPCERT/CC** and published via **JVN** and Silex security advisories in Japanese and English, putting administrators on notice to review exposed deployments and initialization practices.
1 week ago
CISA ICS advisories flag critical missing-authentication flaws in industrial and broadcast devices
CISA published ICS advisories warning of **critical “missing authentication for critical function”** weaknesses (CWE-306) that expose device management/control interfaces to unauthenticated access. **Synectix LAN 232 TRIO** (3-port serial-to-Ethernet adapter) is affected in **all versions** under **CVE-2026-1633** with **CVSS 3.1 10.0**, enabling unauthenticated attackers to **modify critical device settings** or **factory reset** the device. **Avation Light Engine Pro** is also affected in **all versions** under **CVE-2026-1341** with **CVSS 3.1 9.8**, allowing an attacker to **take full control** of the device due to an exposed configuration/control interface without authentication. Separate reporting highlighted a similar CISA alert for **KiloView Encoder Series** devices, tracked as **CVE-2026-1453** with **CVSS 9.8**, where missing authentication allows unauthenticated users to perform administrative actions such as **creating or deleting administrator accounts**, potentially granting full administrative control and enabling disruption or hijacking of broadcast/streaming workflows. The KiloView issue was described as affecting multiple Encoder Series models and specific firmware/hardware combinations (e.g., E1/E1-s/E2 with listed firmware versions), reinforcing the broader risk of internet- or enterprise-exposed device management planes lacking access control.
1 month ago
Cisco IOS XE Flaws Enable Remote Code Execution and Device Takeover
Multiple vulnerabilities in **Cisco IOS** and **Cisco IOS XE** devices have exposed routers, switches, access points, and Catalyst 9000 platforms to severe compromise, including **remote code execution**, **denial of service**, **access control bypass**, **privilege escalation**, **secure boot bypass**, **cross-site scripting**, and memory corruption. Traficom highlighted newly disclosed flaws such as `CVE-2025-20334` and `CVE-2025-20363`, which may allow arbitrary code execution, and urged organizations to update affected products in line with Cisco’s version-specific advisories. The warning follows earlier real-world attacks against internet-exposed Cisco IOS XE Web GUI instances, where attackers exploited `CVE-2023-20198` and `CVE-2023-20273` to create unauthorized administrator accounts, install a backdoor implant, and seize full control of devices. Cisco Talos reported the campaign affected exposed systems internationally, with tens of thousands of vulnerable devices identified online, while Finnish authorities said some domestic devices had already been backdoored and advised restricting Web GUI access to trusted networks or removing public internet exposure entirely.
1 week ago