An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HCopeland Xweb 300d Pro
HWCopelandwszystkie wersjeCopeland Xweb 300d Pro Firmware
OSCopeland≤ 1.12.1Copeland Xweb 500b Pro
HWCopelandwszystkie wersjeCopeland Xweb 500b Pro Firmware
OSCopeland≤ 1.12.1Copeland Xweb 500d Pro
HWCopelandwszystkie wersjeCopeland Xweb 500d Pro Firmware
OSCopeland≤ 1.12.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCECommand Injection
CWE
Related vulnerabilities
CVE-2026-24663CRITICAL9.0PL ✓ten sam produkt
Command Injection w Copeland XWEB Pro — RCE bez uwierzytelnienia
CVE-2026-21718CRITICAL10.0PL ✓ten sam produkt
Auth Bypass i RCE w Copeland XWEB Pro – firmware sterowników przemysłowych
CVE-2026-20902HIGH8.0ten sam produkt
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authentica...
CVE-2026-21389HIGH8.0ten sam produkt
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...
CVE-2026-20910HIGH8.0ten sam produkt
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...