HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2026-25085

CVSS 8.6v3.1pub. 2026-02-27upd. 2026-03-09

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • Copeland Xweb 300d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 300d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500b Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500b Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-24663CRITICAL9.0PL ✓ten sam produkt

Command Injection w Copeland XWEB Pro — RCE bez uwierzytelnienia

CVE-2026-21718CRITICAL10.0PL ✓ten sam produkt

Auth Bypass i RCE w Copeland XWEB Pro – firmware sterowników przemysłowych

CVE-2026-20742HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticate...

CVE-2026-20910HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...

CVE-2026-20902HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authentica...