CVE-2026-20764

High CVSS: 8.0

An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
providing malicious input via the device hostname configuration which
is later processed during system setup, resulting in remote code
execution.

Vendor

Copeland

Product

Xweb 300d Pro Firmware

CWE

CWE-78

Yayın Tarihi

2026-02-27 02:16:18

Güncelleme

2026-02-27 23:11:05

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-78 Xweb 300d Pro Firmware HIGH Copeland 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

Benzer Kayıtlar

High

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker t…

High

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated atta…

Medium

CVE-2026-20797

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated att…