SenseLive X3050 Flaws Allow Unauthenticated Admin Access and Persistent Device Lockout
Multiple high-severity vulnerabilities in the SenseLive X3050 industrial gateway expose its web and embedded management interfaces to unauthenticated or improperly authorized remote access. The issues, tracked as CVE-2026-40620, CVE-2026-40630, CVE-2026-40623, and CVE-2026-27843, include missing authentication for critical functions, authentication bypass via an alternate path or channel, and missing authorization. Collectively, the flaws allow attackers with network reachability to access sensitive configuration endpoints, gain administrative control of the configuration application, and change operational modes, service ports, watchdog timers, reconnect intervals, IP settings, and other critical parameters.
The reported impact spans confidentiality, integrity, and availability, with CVSS scoring indicating network-exploitable, low-complexity attacks and high-severity outcomes. Successful exploitation can destabilize the gateway, cause persistent denial of service, and in the case of CVE-2026-27843, lock the device into a state that also disrupts connected RS-485 downstream systems. Recovery may be especially difficult because the X3050 reportedly lacks a physical reset button, requiring specialized console access for a factory reset after destructive configuration changes.

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
CVE-2026-40630 assigned for SenseLive X3050 auth bypass
CVE-2026-40630 was assigned to an authentication bypass vulnerability in the SenseLive X3050 web management interface that allows network-accessible attackers to reach sensitive configuration endpoints without authorization.
CVE-2026-27843 assigned for lockout-causing config flaw
CVE-2026-27843 was assigned to a missing-authentication flaw in the SenseLive X3050 web management interface that lets an unauthenticated attacker set disruptive values, potentially causing persistent lockout and denial of service requiring console-based factory reset.
CVE-2026-40623 assigned for unsafe configuration changes
CVE-2026-40623 was assigned to a missing-authorization issue in the SenseLive X3050 web management interface that permits modification of critical system and network settings, potentially destabilizing the device or making it unavailable.
CVE-2026-40620 assigned for unauthenticated admin access
CVE-2026-40620 was assigned to a missing-authentication flaw in the SenseLive X3050 embedded management service that allows a remote unauthenticated attacker to gain full administrative control over the configuration application.
ICS-CERT receives four SenseLive X3050 vulnerability reports
On April 24, 2026, ICS-CERT/CISA received multiple vulnerability reports affecting the SenseLive X3050, including authentication bypass, missing authentication, and missing authorization flaws in its web and embedded management interfaces.
Sources
4 references tracked.
CVE-2026-40630 - SenseLive X3050 Authentication bypass using an alternate path or channel (cvefeed.io)
CVE-2026-40620 - SenseLive X3050 Missing authentication for critical function (cvefeed.io)
CVE-2026-40623 - SenseLive X3050 Missing Authorization (cvefeed.io)
CVE-2026-27843 - SenseLive X3050 Missing authentication for critical function (cvefeed.io)


