CVE-2026-23702

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
sending malicious input injected into the server username field of the
import preconfiguration action in the API V1 route.

Vulnerability Details

Published Date

February 27, 2026

Last Modified

February 27, 2026

CWE ID

CWE-78

Source

NVD

Vendor

Copeland

Product

Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO

External References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

CVE-2026-23702

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment