Copeland XWEB and XWEB Pro
View CSAF
Summary
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code.
The following versions of Copeland XWEB and XWEB Pro are affected:
XWEB 300D PRO <=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)
XWEB 500D PRO <=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)
XWEB 500B PRO <=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)
CVSS
Vendor
Equipment
Vulnerabilities
v3 10
Copeland
Copeland XWEB and XWEB Pro
Unexpected Status Code or Return Value, Use of a Broken or Risky Cryptographic Algorithm, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Stack-based Buffer Overflow
Background
Critical Infrastructure Sectors: Commercial Facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
Vulnerabilities
Expand All +
CVE-2026-25085
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-394 Unexpected Status Code or Return Value
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8.6
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVE-2026-21718
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2026-24663
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
9
CRITICAL
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2026-21389
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-25111
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-20742
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-24517
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-25195
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-20910
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-24689
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-25109
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-20902
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-24695
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-25105
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-24452
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-23702
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-25721
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-20764
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote code execution.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-25196
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-25037
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-22877
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
3.7
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2026-20797
A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
4.3
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2026-3037
An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed during system setup, leading to remote code execution.
View CVE Details
Affected Products
Copeland XWEB and XWEB Pro
Vendor:Copeland
Product Version:Copeland XWEB 300D PRO: <=1.12.1, Copeland XWEB 500D PRO: <=1.12.1, Copeland XWEB 500B PRO: <=1.12.1
Product Status:known_affected
Remediations
MitigationCopeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.
MitigationAlternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.
Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
CVSS Version
Base Score
Base Severity
Vector String
3.1
8
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Acknowledgments
Amir Zaltzman and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA
Legal Notice and Terms of Use
This product is provided subject to this Notification (
https://www.cisa.gov/notification) and this Privacy & Use policy (
https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
Revision History
Initial Release Date: 2026-02-26
Date
Revision
Summary
2026-02-26
1
Initial Publication
Legal Notice and Terms of Use
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
2026-02-26 12:00 UTC
--- FMail-lnx 2.3.2.6-B20251227
* Origin: TCOB1 A Mail Only System (2:263/1)