Description
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the Wi-Fi SSID and/or password fields
can lead to remote code execution when the configuration is processed.
Published: 2026-02-27
Score: 8 High
EPSS: 1.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An OS command injection flaw in XWEB Pro version 1.12.1 or earlier permits an authenticated attacker to inject arbitrary shell commands by entering malicious data into the Wi‑Fi SSID and/or password fields. When the firmware processes the configuration, the injected command is executed, giving the attacker remote code execution. The weakness is CWE-78, indicating that external input is not properly validated before being passed to the operating system.

Affected Systems

Copeland XWEB 300D PRO, Copeland XWEB 500B PRO and Copeland XWEB 500D PRO devices that run firmware version 1.12.1 or earlier are vulnerable. The vendor lists these product lines in the advisory and provides a single firmware update that addresses the flaw.

Risk and Exploitability

The CVSS base score of 8.0 denotes a high severity vulnerability while the EPSS score of 2 % indicates that automated exploitation is unlikely but not impossible. The flaw requires authentication; an attacker must have access to the device’s Wi‑Fi configuration interface to modify the SSID/password fields, and the configuration must then be processed for the malicious command to run. Because it is not in the CISA KEV catalog, there are currently no known widespread attacks, but the high impact warrants immediate mitigation.

Generated by OpenCVE AI on June 18, 2026 at 10:39 UTC.

Remediation

Vendor Solution

Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.


OpenCVE Recommended Actions

  • Apply the vendor‑provided firmware update for XWEB Pro via the Copeland software update page or the SYSTEM – Updates | Network menu.
  • Restrict access to the Wi‑Fi configuration interface so that only trusted administrators with secure credentials can edit the SSID and password settings.
  • If a firmware update cannot be applied immediately, block or heavily limit remote access to the configuration interface from untrusted networks until the update is installed.

Generated by OpenCVE AI on June 18, 2026 at 10:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware
CPEs cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*
Vendors & Products Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro
Vendors & Products Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro

Fri, 27 Feb 2026 01:30:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.
Title Copeland XWEB and XWEB Pro OS Command Injection
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Copeland Copeland Xweb 300d Pro Copeland Xweb 500b Pro Copeland Xweb 500d Pro Xweb 300d Pro Xweb 300d Pro Firmware Xweb 500b Pro Xweb 500b Pro Firmware Xweb 500d Pro Xweb 500d Pro Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-02T14:27:46.267Z

Reserved: 2026-02-05T16:47:16.569Z

Link: CVE-2026-25196

cve-icon Vulnrichment

Updated: 2026-03-02T14:27:42.523Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-27T02:16:20.000

Modified: 2026-06-17T10:24:17.470

Link: CVE-2026-25196

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T10:45:03Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')