Description
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into requests sent to the restore route.
Published: 2026-02-27
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An OS command injection flaw exists in Copeland XWEB Pro firmware version 1.12.1 and earlier, allowing an authenticated attacker to embed arbitrary operating‑system commands in requests to the device’s restore endpoint. This vulnerability permits remote code execution, which can compromise confidentiality, integrity, and availability of the entire system. The weakness aligns with CWE‑78, the classic command injection category.

Affected Systems

Copeland has disclosed that the affected products are the XWEB 300D PRO, XWEB 500B PRO, and XWEB 500D PRO. All firmware releases up to and including 1.12.1 are vulnerable. The vendor recommends installing the latest available firmware version through the Copeland software update portal or by using the System > Updates | Network menu on the device.

Risk and Exploitability

The CVSS score of 8 indicates a high severity. The EPSS score is less than 1%, showing that the likelihood of exploitation is very low, and the vulnerability is not listed in the CISA KEV catalog, so no active exploits are known. Exploitation requires authenticated access and ability to send crafted requests to the restore route, which typically means the attacker must have valid user credentials and network connectivity to the XWEB Pro. Once the restore request is processed, the attacker can execute arbitrary commands and gain full control of the device.

Generated by OpenCVE AI on April 16, 2026 at 15:44 UTC.

Remediation

Vendor Solution

Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.

OpenCVE Recommended Actions

  • Update the XWEB Pro firmware to the latest version available from Copeland’s software update site or via the device’s System > Updates | Network menu.
  • Until the patch is applied, block or restrict access to the restore endpoint, for example by applying firewall rules or disabling the restore feature through the device’s configuration if supported.
  • Reduce the attack surface by disabling or restricting internet access to the XWEB Pro, ensuring that only trusted internal users can log in.

Generated by OpenCVE AI on April 16, 2026 at 15:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware
CPEs cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*
Vendors & Products Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware

Mon, 02 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro
Vendors & Products Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro

Fri, 27 Feb 2026 01:00:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.
Title Copeland XWEB and XWEB Pro OS Command Injection
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Copeland Copeland Xweb 300d Pro Copeland Xweb 500b Pro Copeland Xweb 500d Pro Xweb 300d Pro Xweb 300d Pro Firmware Xweb 500b Pro Xweb 500b Pro Firmware Xweb 500d Pro Xweb 500d Pro Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-02T18:44:08.313Z

Reserved: 2026-02-05T16:55:52.346Z

Link: CVE-2026-25111

cve-icon Vulnrichment

Updated: 2026-03-02T18:44:03.643Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-27T01:16:19.747

Modified: 2026-03-09T19:53:03.887

Link: CVE-2026-25111

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:45:16Z

Weaknesses