A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:LCopeland Xweb 300d Pro
HWCopelandwszystkie wersjeCopeland Xweb 300d Pro Firmware
OSCopeland≤ 1.12.1Copeland Xweb 500b Pro
HWCopelandwszystkie wersjeCopeland Xweb 500b Pro Firmware
OSCopeland≤ 1.12.1Copeland Xweb 500d Pro
HWCopelandwszystkie wersjeCopeland Xweb 500d Pro Firmware
OSCopeland≤ 1.12.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Powiązane podatności
CVE-2026-24663CRITICAL9.0PL ✓ten sam produkt
Command Injection w Copeland XWEB Pro — RCE bez uwierzytelnienia
CVE-2026-21718CRITICAL10.0PL ✓ten sam produkt
Auth Bypass i RCE w Copeland XWEB Pro – firmware sterowników przemysłowych
CVE-2026-20742HIGH8.0ten sam produkt
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticate...
CVE-2026-20910HIGH8.0ten sam produkt
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...
CVE-2026-20902HIGH8.0ten sam produkt
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authentica...