← Retour aux CVEs
CVE-2026-3037
HIGH8.0
Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed during system setup, leading to remote code execution.
Details CVE
Score CVSS v3.18.0
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisHIGH
Interaction utilisateurNONE
Publie2/27/2026
Derniere modification2/28/2026
Sourcenvd
Observations honeypot0
Produits affectes
copeland:xweb_300d_procopeland:xweb_300d_pro_firmwarecopeland:xweb_500b_procopeland:xweb_500b_pro_firmwarecopeland:xweb_500d_procopeland:xweb_500d_pro_firmware
Faiblesses (CWE)
CWE-78
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json(ics-cert@hq.dhs.gov)
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10(ics-cert@hq.dhs.gov)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.