CVE-2026-25195
Received
Received - Intake
OS Command Injection in XWEB Pro Firmware Update Enables RCE
Publication date: 2026-02-27
Last updated on: 2026-03-09
Assigner: ICS-CERT
Description
Description
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
supplying a crafted firmware update file via the firmware update route.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | xweb_300d_pro_firmware | to 1.12.1 (inc) |
| copeland | xweb_500b_pro_firmware | to 1.12.1 (inc) |
| copeland | xweb_500d_pro_firmware | to 1.12.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection in XWEB Pro version 1.12.1 and earlier. It allows an authenticated attacker to execute arbitrary code remotely by supplying a specially crafted firmware update file through the firmware update mechanism.
How can this vulnerability impact me? :
The vulnerability can lead to remote code execution on the affected system, which means an attacker could take control of the system, potentially leading to data compromise, system disruption, or further attacks within the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70