CVE-2026-40623
Published: 24 April 2026
Summary
CVE-2026-40623 is a high-severity Missing Authorization (CWE-862) vulnerability in Senselive X3500 Firmware. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-3 enforces approved authorizations for logical access to sensitive configuration functions in the web management interface, directly mitigating the missing authorization (CWE-862).
SI-10 validates inputs to critical parameters such as IP addressing, watchdog timers, and service ports, preventing them from being set to unsupported or unsafe values.
CM-5 authorizes and restricts access to system configuration changes, preventing low-privilege authenticated users from destabilizing device operation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in the web management interface enables exploitation of a public-facing application (T1190) to modify critical configurations including recovery mechanisms like watchdog timers, facilitating inhibition of system recovery (T1490) and persistent device unavailability.
NVD Description
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers,…
more
reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.
Deeper analysisAI
CVE-2026-40623 is a vulnerability in the web management interface of the SenseLive X3050 device that enables modification of critical system and network configuration parameters without sufficient validation and safety controls. Parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values, directly affecting core device behavior and recovery mechanisms. This issue stems from inadequate enforcement of constraints on sensitive functions (CWE-862: Missing Authorization), potentially destabilizing device operation or rendering it persistently unavailable. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
Attackers with low privileges, such as authenticated users accessing the web management interface over the network, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows modification of configurations to unsupported values, leading to high-impact integrity and availability disruptions, including device destabilization or persistent unavailability, while confidentiality remains unaffected.
Mitigation guidance is available in official advisories, including CISA ICS Advisory ICSA-26-111-12 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12, the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json, and SenseLive contact information at https://senselive.io/contact.
Details
- CWE(s)