PatchSiren

CVE-2026-22877 Copeland CVE debrief

CVE-2026-22877 is an unauthenticated, network-reachable arbitrary file-read vulnerability in Copeland XWEB Pro version 1.12.1 and earlier. The advisory says affected systems may expose arbitrary local files and could also be driven into a denial-of-service condition, so this is primarily a confidentiality exposure with some operational risk.

Vendor: Copeland
Product: XWEB 300D PRO
CVSS: LOW 3.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-02-26
Advisory published: 2026-02-26
Advisory updated: 2026-02-26

Who should care

Administrators and operators of Copeland XWEB Pro deployments, especially the XWEB 300D PRO, XWEB 500D PRO, and XWEB 500B PRO model families named in the advisory, along with OT/ICS teams responsible for patching and access control.

Technical summary

The supplied CISA CSAF advisory (ICSA-26-057-10) describes CVE-2026-22877 as an arbitrary file-read flaw in XWEB Pro 1.12.1 and prior that can be exercised without authentication. The provided CVSS vector is AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, which scores the issue as low severity, with limited confidentiality impact and no integrity or availability impact reflected in the vector; the narrative note also mentions potential denial of service.

Defensive priority

Patch promptly, but this is not a KEV-class emergency in the supplied data. Prioritize any deployments that are broadly network reachable, and move affected systems onto the next available maintenance window if exposure is limited.

Recommended defensive actions

  • Update XWEB Pro to the latest vendor-fixed version using Copeland's software update page referenced in the advisory.
  • If the device has internet access and a logged-in operator, use the SYSTEM -- Updates | Network menu to retrieve the fix directly from Copeland.
  • Inventory XWEB Pro installations and confirm whether any device is running version 1.12.1 or earlier.
  • Follow CISA ICS recommended practices while patching and reducing exposure for affected OT/ICS systems.

Evidence notes

This debrief is based on the supplied CISA CSAF source item for ICSA-26-057-10, published and modified on 2026-02-26. The advisory text states that XWEB Pro version 1.12.1 and prior is affected by an unauthenticated arbitrary file-read issue with possible denial-of-service impact, and it provides remediation guidance to update via Copeland's software update page or the device's network update function. The supplied enrichment data does not list the CVE in CISA KEV.

Official resources

CISA's CSAF advisory ICSA-26-057-10 and the corresponding CVE record were published on 2026-02-26, with the supplied revision history showing an initial publication on that date. The provided data does not list a KEV entry or any campaign/r