CVE-2026-40623HIGH 8.1EPSS p24.0%

CVE-2026-40623CVE-2026-40623

Description

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS0.32% probability of exploitation · percentile 24.0% · 2026-06-18T12:00:27Z
Published2026-04-24
Last modified2026-04-28

Underlying weaknesses· 1

CWE-862

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json
  2. https://senselive.io/contact
  3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-27843
CVE
CVE-2026-40630
CVE
CVE-2026-40620
CVE
CVE-2026-35503
CVE
CVE-2026-27841
CVE
CVE-2026-39462
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.