CVE-2026-35064

HIGH

SenseLive X3050 Missing authentication for critical function

Title source: cna

Description

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.

References (3)

Core 3

Core References

https://senselive.io/contact

https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0036

EPSS Percentile 28.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (2)

SenseLive/X3050 V1.523

senselive/x3500_firmware 1.523

Published Apr 24, 2026

Tracked Since Apr 24, 2026