CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-25109

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 71.2%

CVSS Severity

CVSS v3 Score 8.0

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

Products affected by CVE-2026-25109

Copeland » Xweb 300d Pro » Version: N/A

cpe:2.3:h:copeland:xweb_300d_pro:-
Copeland » Xweb 500b Pro » Version: N/A

cpe:2.3:h:copeland:xweb_500b_pro:-
Copeland » Xweb 500d Pro » Version: N/A

cpe:2.3:h:copeland:xweb_500d_pro:-
Copeland » Xweb 300d Pro Firmware » Version: Any

cpe:2.3:o:copeland:xweb_300d_pro_firmware:*
Copeland » Xweb 500b Pro Firmware » Version: Any

cpe:2.3:o:copeland:xweb_500b_pro_firmware:*
Copeland » Xweb 500d Pro Firmware » Version: Any

cpe:2.3:o:copeland:xweb_500d_pro_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25109

Products

Pricing

Contact Us