HIGH✓ PATCH🇬🇧 English

CVE-2026-20764

CVSS 8.0v3.1pub. 2026-02-27

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Copeland Xweb 300d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 300d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500b Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500b Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2026-24663CRITICAL9.0PL ✓ten sam produkt

Command Injection w Copeland XWEB Pro — RCE bez uwierzytelnienia

CVE-2026-21718CRITICAL10.0PL ✓ten sam produkt

Auth Bypass i RCE w Copeland XWEB Pro – firmware sterowników przemysłowych

CVE-2026-20902HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authentica...

CVE-2026-21389HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...

CVE-2026-20910HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...