Description
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the Wi-Fi SSID and/or password fields
can lead to remote code execution when the configuration is processed.
Published: 2026-02-27
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An OS command injection flaw in Copeland XWEB Pro version 1.12.1 and earlier allows an authenticated attacker to inject arbitrary shell commands through the Wi‑Fi SSID and/or password fields. When the configuration is processed, the malicious input is executed, giving the attacker remote code execution capabilities. The weakness corresponds to CWE‑78, indicating improper validation of external input before executing system commands.

Affected Systems

Copeland XWEB 300D PRO, Copeland XWEB 500B PRO, and Copeland XWEB 500D PRO devices running firmware version 1.12.1 or earlier are vulnerable. The issue is present in both the application and the underlying firmware of these models.

Risk and Exploitability

The CVSS base score is 8.0, indicating high severity, while the EPSS score is reported as less than 1 %, suggesting a relatively low chance of automated exploitation. The vulnerability is not listed in the CISA KEV catalogue. Exploitation requires an attacker to be authenticated and able to modify Wi‑Fi configuration parameters—likely through local access or a compromised user account with permission to edit the SSID/password fields. The attack surface therefore depends on the security of the device configuration interface and the compromise of valid credentials.

Generated by OpenCVE AI on April 16, 2026 at 15:39 UTC.

Remediation

Vendor Solution

Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.

OpenCVE Recommended Actions

  • Apply the Copeland XWEB Pro firmware update to the latest version via the software update page or the SYSTEM – Updates | Network menu.
  • Restrict access to the Wi‑Fi configuration interface so that only trusted administrators with secure credentials can edit SSID and password settings.
  • If an immediate firmware update cannot be performed, block or restrict remote access to the configuration interface from untrusted networks until the update is applied.

Generated by OpenCVE AI on April 16, 2026 at 15:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware
CPEs cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*
Vendors & Products Copeland xweb 300d Pro
Copeland xweb 300d Pro Firmware
Copeland xweb 500b Pro
Copeland xweb 500b Pro Firmware
Copeland xweb 500d Pro
Copeland xweb 500d Pro Firmware

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro
Vendors & Products Copeland
Copeland copeland Xweb 300d Pro
Copeland copeland Xweb 500b Pro
Copeland copeland Xweb 500d Pro

Fri, 27 Feb 2026 01:30:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.
Title Copeland XWEB and XWEB Pro OS Command Injection
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Copeland Copeland Xweb 300d Pro Copeland Xweb 500b Pro Copeland Xweb 500d Pro Xweb 300d Pro Xweb 300d Pro Firmware Xweb 500b Pro Xweb 500b Pro Firmware Xweb 500d Pro Xweb 500d Pro Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-02T14:27:46.267Z

Reserved: 2026-02-05T16:47:16.569Z

Link: CVE-2026-25196

cve-icon Vulnrichment

Updated: 2026-03-02T14:27:42.523Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-27T02:16:20.000

Modified: 2026-02-27T23:06:36.453

Link: CVE-2026-25196

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:45:16Z

Weaknesses