Description
An OS command injection





vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into parameters of the Modbus command tool in
the debug route.
Published: 2026-02-27
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an OS command injection that allows an authenticated attacker to inject arbitrary commands into the Modbus command tool debug route parameters. This flaw can lead to remote code execution, giving attackers full control over the affected system and resulting in unauthorized data access, modification, takeover, and service disruption. The core weakness stems from insufficient input validation when processing user supplied command parameters.

Affected Systems

The flaw affects Copeland XWEB 300D Pro, XWEB 500B Pro, and XWEB 500D Pro devices running firmware version 1.12.1 or earlier. These models are commonly deployed in industrial control environments where reliable security is essential.

Risk and Exploitability

The CVSS base score of 8.0 indicates a high severity vulnerability. The EPSS score of less than 1% implies that exploitation is currently unlikely, and the flaw is not listed in CISA’s KEV catalog. Nonetheless, exploitation requires authenticated access to the Modbus debug route, typically available to maintenance personnel over the network. If an attacker gains such access—whether through compromised credentials or an unprotected management network—they can execute arbitrary commands with the privileges of the XWEB Pro system. Given the high impact of remote code execution, the risk remains significant and warrants prompt engagement.

Generated by OpenCVE AI on April 16, 2026 at 15:41 UTC.

Remediation

Vendor Solution

Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.

OpenCVE Recommended Actions

  • Apply the latest firmware update for the affected XWEB Pro models by downloading the update from Copeland’s software update page or performing an in‑band update via the SYSTEM → Updates → Network menu.
  • Restrict authentication to the Modbus debug route by disabling the debug mode or enforcing strict role‑based access controls so that only trusted maintenance personnel can use it.
  • Segregate the XWEB Pro devices from public or untrusted networks using firewall rules or network segmentation to limit exposure of the debug route to legitimate management traffic only.

Generated by OpenCVE AI on April 16, 2026 at 15:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware
CPEs cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*
Vendors & Products Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro
Vendors & Products Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro

Fri, 27 Feb 2026 01:30:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route.
Title Copeland XWEB and XWEB Pro OS Command Injection
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Copeland Copeland Xweb 300d Pro Copeland Xweb 500b Pro Copeland Xweb 500d Pro Xweb 300d Pro Xweb 300d Pro Firmware Xweb 500b Pro Xweb 500b Pro Firmware Xweb 500d Pro Xweb 500d Pro Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-02T12:47:45.130Z

Reserved: 2026-02-05T16:47:16.532Z

Link: CVE-2026-25105

cve-icon Vulnrichment

Updated: 2026-03-02T12:47:40.915Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-27T02:16:19.800

Modified: 2026-02-27T23:07:06.143

Link: CVE-2026-25105

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:45:16Z

Weaknesses