HIGH✓ PATCH🇬🇧 English

CVE-2026-21389

CVSS 8.0v3.1pub. 2026-02-27

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Copeland Xweb 300d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 300d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500b Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500b Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
  • Copeland Xweb 500d Pro

    HW
    Copeland
    wszystkie wersje
  • Copeland Xweb 500d Pro Firmware

    OS
    Copeland
    ≤ 1.12.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2026-24663CRITICAL9.0PL ✓ten sam produkt

Command Injection w Copeland XWEB Pro — RCE bez uwierzytelnienia

CVE-2026-21718CRITICAL10.0PL ✓ten sam produkt

Auth Bypass i RCE w Copeland XWEB Pro – firmware sterowników przemysłowych

CVE-2026-20742HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticate...

CVE-2026-20910HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated...

CVE-2026-20902HIGH8.0ten sam produkt

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authentica...