CVE-2026-25195
Published 2026-02-27
Priority: P3 · 44 · medium
CVSS 3.1: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.45% (70.0th percentile)
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
supplying a crafted firmware update file via the firmware update route.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| copeland | copeland_xweb_300d_pro | <= 1.12.1 | — |
| copeland | copeland_xweb_500b_pro | <= 1.12.1 | — |
| copeland | copeland_xweb_500d_pro | <= 1.12.1 | — |
| copeland | xweb_300d_pro_firmware | <= 1.12.1 | — |
| copeland | xweb_500b_pro_firmware | <= 1.12.1 | — |
| copeland | xweb_500d_pro_firmware | <= 1.12.1 | — |
CISA ICS
Copeland XWEB and XWEB Pro
cisa_ics · 2026-02-26 · CVSS 8.0 · [HIGH]
ICS Advisory
## Copeland XWEB and XWEB Pro
Release Date: February 26, 2026
Alert Code: ICSA-26-057-10
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code.
The following versions of Copeland XWEB and XWEB Pro are affected:
- XWEB 300D PRO <=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026
GHSA
GHSA-w79v-r93f-2r96 · ghsa_unreviewed · 2026-02-27
CVE-2026-25195 [HIGH] CWE-78
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
supplying a crafted firmware update file via the firmware update route.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.