PatchSiren cyber security CVE debrief
CVE-2026-24695 Copeland CVE debrief
CVE-2026-24695 is a high-severity command injection flaw in Copeland XWEB Pro that can let an authenticated attacker reach remote code execution on affected systems. CISA’s advisory says the issue exists in XWEB Pro version 1.12.1 and earlier and is triggered through malicious input placed into OpenSSL argument fields in requests sent to the utility route.
- Vendor
- Copeland
- Product
- XWEB 300D PRO
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-02-26
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-02-26
Who should care
Administrators and operators of Copeland XWEB Pro deployments, especially systems that are remotely reachable or administered over the network, should prioritize this issue. Security teams responsible for patching, access control, and monitoring of industrial or facility-management systems should also treat it as important.
Technical summary
According to the CISA CSAF advisory, an authenticated attacker can inject malicious input into OpenSSL argument fields within requests to the utility route, resulting in OS command injection and remote code execution. The supplied CVSS 3.1 vector is AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, reflecting a network-reachable issue that still requires high privileges. The advisory identifies affected XWEB Pro versions as 1.12.1 and prior and lists Copeland-provided remediation paths.
Defensive priority
High
Recommended defensive actions
- Update XWEB Pro to the latest available fixed version using Copeland’s software update page referenced in the advisory.
- If the device has internet access, use the in-product update path described by Copeland: SYSTEM -> Updates -> Network.
- Restrict privileged access to XWEB Pro interfaces and review who can authenticate to the utility route and related administrative functions.
- Place affected systems behind appropriate network segmentation and limit exposure to trusted management networks where possible.
- Monitor for anomalous requests, unexpected command execution, or other signs of misuse until patching is complete.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-057-10, published 2026-02-26, which names Copeland XWEB and XWEB Pro. The advisory states that XWEB Pro 1.12.1 and earlier are affected by an OS command injection issue that can lead to remote code execution via injected OpenSSL argument fields in utility-route requests. The supplied remediation guidance points to Copeland’s software update page and an in-product network update path. The provided timeline shows the CVE publication and modification date as 2026-02-26, and no KEV entry is present in the supplied data. The vendor mapping in the prompt is low-confidence and should be reviewed against the advisory naming.
Official resources
-
CVE-2026-24695 CVE record
CVE.org
-
CVE-2026-24695 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory and CVE record on 2026-02-26, with no later modifications shown in the supplied timeline. No known exploitation or KEV listing is provided in the supplied data.