CVE-2026-25196

High CVSS: 8.0

An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the Wi-Fi SSID and/or password fields
can lead to remote code execution when the configuration is processed.

Vendor

Copeland

Product

Xweb 300d Pro Firmware

CWE

CWE-78

Yayın Tarihi

2026-02-27 02:16:20

Güncelleme

2026-02-27 23:06:36

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-78 Xweb 300d Pro Firmware HIGH Copeland 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

Benzer Kayıtlar

High

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker t…

High

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated atta…

High

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

Medium

CVE-2026-20797

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated att…