CVE-2026-25105

High CVSS: 8.0

An OS command injection

vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into parameters of the Modbus command tool in
the debug route.

Vendor

Copeland

Product

Xweb 300d Pro Firmware

CWE

CWE-78

Yayın Tarihi

2026-02-27 02:16:19

Güncelleme

2026-02-27 23:07:06

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-78 Xweb 300d Pro Firmware HIGH Copeland 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

Benzer Kayıtlar

High

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker t…

High

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

Medium

CVE-2026-20797

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated att…