CVSS score: 8.8

XWEB Pro: Authenticated Remote Code Execution via Malicious Input

CVE-2026-3037
Summary

A critical security issue exists in XWEB Pro versions 1.12.1 and earlier: an OS command injection flaw (CWE-78). An authenticated attacker can exploit it by sending malicious input to the XWEB Pro software, specifically the MBird SMS service URL and/or code submitted via the utility route, which is later processed during system setup, potentially allowing them to take control of the system. To protect your system, update to a patched version of XWEB Pro once one is available, and restrict access to the software until a fix is applied.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| copeland | xweb_300d_pro_firmware | <= 1.12.1 | |
| copeland | xweb_500d_pro_firmware | <= 1.12.1 | |
| copeland | xweb_500b_pro_firmware | <= 1.12.1 | |
Original title
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input i...
Original description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an authenticated attacker to achieve remote code
execution on the system by modifying malicious input injected into the
MBird SMS service URL and/or code via the utility route which is later
processed during system setup, leading to remote code execution.
NVD CVSS 3.1: 8.8
Vulnerability type
CWE-78 OS Command Injection
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026