CVE-2026-27843
Published: 24 April 2026
Summary
CVE-2026-27843 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Senselive X3500 Firmware. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations to prevent unauthenticated attackers from modifying critical configuration parameters via the web management interface.
Provides server-side validation of inputs to block unsupported or disruptive values applied to recovery mechanisms and network settings.
Establishes procedures for system recovery and reconstitution to address persistent lockout states requiring console-based factory resets.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vuln in unauthenticated web management interface directly enables T1190 (Exploit Public-Facing Application). Config changes to recovery mechanisms and settings produce persistent lockout, mapping to T1490 (Inhibit System Recovery) and T1499 (Endpoint Denial of Service) with high I/A impact.
NVD Description
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a…
more
persistent lockout state. Because the device lacks a physical reset button, recovery requires specialized technical access via the console to perform a factory reset, resulting in a total denial-of-service for the gateway and its connected RS-485 downstream systems.
Deeper analysisAI
CVE-2026-27843 is a critical vulnerability in the web management interface of the SenseLive X3050 gateway device, published on 2026-04-24. It stems from insufficient authentication and server-side validation (CWE-306), enabling unauthorized modification of critical configuration parameters, such as recovery mechanisms and network settings. With a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), the flaw allows attackers to apply unsupported or disruptive values, resulting in a persistent lockout state. The absence of a physical reset button means recovery requires specialized console access for a factory reset, rendering the device and its connected RS-485 downstream systems completely unavailable.
The vulnerability is exploitable over the network by any unauthenticated attacker with access to the web interface, requiring low complexity and no user interaction. Successful exploitation induces a total denial-of-service condition, disrupting both the gateway's functionality and downstream industrial control systems reliant on RS-485 communications. Attackers cannot directly access confidential data (no impact on C), but the high integrity and availability impacts make it particularly severe for operational technology environments.
CISA's ICS Advisory ICSA-26-111-12, along with the corresponding CSAF document on GitHub and SenseLive's contact page, detail mitigation strategies. Security practitioners should consult these resources for vendor-recommended patches, configuration hardening, or workarounds to prevent unauthorized access to the web interface.
Details
- CWE(s)