CVE-2026-40431

SenseLive X3050 Cleartext transmission of sensitive information

CVSS 6.9 MEDIUMEPSS 0.2%CWE-319

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 abr 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

SenseLive · X3050

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json https://senselive.io/contact https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12