CVE-2026-3037

High CVSS: 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an authenticated attacker to achieve remote code
execution on the system by modifying malicious input injected into the
MBird SMS service URL and/or code via the utility route which is later
processed during system setup, leading to remote code execution.

Vendor

Copeland

Product

Xweb 300d Pro Firmware

CWE

CWE-78

Yayın Tarihi

2026-02-27 02:16:20

Güncelleme

2026-02-28 01:13:53

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-78 Xweb 300d Pro Firmware HIGH Copeland 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

Benzer Kayıtlar

High

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated atta…

High

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

Medium

CVE-2026-20797

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated att…