PatchSiren cyber security CVE debrief
CVE-2026-24517 Copeland CVE debrief
CVE-2026-24517 is a high-severity authenticated OS command injection vulnerability in Copeland XWEB Pro 1.12.1 and earlier. According to the CISA advisory published on 2026-02-26, malicious input sent to the firmware update route can let an authenticated attacker reach remote code execution on the device.
- Vendor
- Copeland
- Product
- XWEB 300D PRO
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-02-26
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-02-26
Who should care
OT/ICS operators, plant engineers, administrators of Copeland XWEB/XWEB Pro systems, and security teams responsible for firmware management and privileged account control should prioritize this issue.
Technical summary
The supplied advisory describes an OS command injection flaw affecting XWEB Pro version 1.12.1 and prior. The attack requires authentication and targets requests to the firmware update route, where injected input can be executed by the system and result in remote code execution. The provided CVSS vector (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) indicates network reachability, but also high attack complexity and high privileges required.
Defensive priority
High
Recommended defensive actions
- Inventory all Copeland XWEB Pro deployments and confirm whether any system is running version 1.12.1 or earlier.
- Apply Copeland's provided fix by updating XWEB Pro to the latest available version using the vendor update page referenced in the advisory.
- Where applicable, use the on-device SYSTEM -- Updates | Network workflow only from trusted administrative access and verify update source integrity.
- Restrict access to administrative interfaces and firmware update functions to only necessary trusted users and management networks.
- Review authentication controls for privileged XWEB Pro accounts, including strong passwords and account minimization.
- Monitor device logs and administrative activity for unexpected firmware update requests or abnormal command execution behavior.
- Segment XWEB Pro systems from broader business networks to reduce exposure if an administrative account is compromised.
Evidence notes
This debrief is based on the CISA CSAF advisory 'Copeland XWEB and XWEB Pro' (ICSA-26-057-10), published 2026-02-26, with the same publication and modification timestamp in the supplied source item. The advisory text explicitly states that an OS command injection in XWEB Pro 1.12.1 and prior can be triggered through the firmware update route and can lead to remote code execution. The supplied enrichment marks the issue as not listed in KEV.
Official resources
-
CVE-2026-24517 CVE record
CVE.org
-
CVE-2026-24517 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA on 2026-02-26 via advisory ICSA-26-057-10. The supplied enrichment indicates the vulnerability was not added to CISA KEV in the provided corpus.