CVE-2026-21718

Critical CVSS: 10.0

An authentication bypass vulnerability exists in Copeland XWEB Pro
version 1.12.1 and prior, enabling any attackers to bypass the
authentication requirement and achieve pre-authenticated code execution
on the system.

Vendor

Copeland

Product

Xweb 300d Pro Firmware

CWE

CWE-327

Yayın Tarihi

2026-02-27 01:16:18

Güncelleme

2026-02-27 23:11:48

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-327 Xweb 300d Pro Firmware CRITICAL Copeland 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

Benzer Kayıtlar

High

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker t…

High

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated atta…

High

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…