PatchSiren cyber security CVE debrief
CVE-2026-24689 Copeland CVE debrief
CVE-2026-24689 is an authenticated OS command injection vulnerability in Copeland XWEB Pro version 1.12.1 and earlier. According to the CISA CSAF advisory, malicious input in the devices field of the firmware update apply action can lead to remote code execution on the system. The advisory was published on 2026-02-26 and rates the issue as high severity.
- Vendor
- Copeland
- Product
- XWEB 300D PRO
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-02-26
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-02-26
Who should care
Organizations operating Copeland XWEB Pro appliances, especially administrators responsible for firmware updates and OT/ICS environments, should treat this as a priority. Security teams should also review any deployments where authenticated users have access to the web interface.
Technical summary
The advisory describes an OS command injection weakness affecting XWEB Pro 1.12.1 and prior. An authenticated attacker can inject malicious input into the devices field during the firmware update apply action and gain remote code execution. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, reflecting a network-reachable issue that requires high privileges but can have full confidentiality, integrity, and availability impact.
Defensive priority
High. Although the attacker must be authenticated and the CVSS vector indicates high complexity and high privileges, the consequence is remote code execution on a system used in operational environments. Patch and access controls should be handled promptly.
Recommended defensive actions
- Apply Copeland's fixed release for XWEB Pro as soon as possible using the vendor software update page referenced in the advisory.
- If internet access is available from the device, use Copeland's in-product update path (SYSTEM > Updates > Network) only after validating change windows and update integrity.
- Restrict who can authenticate to XWEB Pro and review account privileges for any users who can reach firmware update functions.
- Monitor for unexpected activity around firmware update workflows and review logs for anomalous commands or update attempts.
- Treat impacted systems as OT/ICS assets and follow established change-management and backup procedures before updating.
Evidence notes
All factual statements are drawn from the supplied CISA CSAF advisory record for ICSA-26-057-10 / CVE-2026-24689 and the associated CVE reference. The advisory states the affected versions, the injection location, the authenticated attack requirement, and the remediation paths. Published and modified dates used here come from the supplied CVE/source timeline, not from generation time.
Official resources
-
CVE-2026-24689 CVE record
CVE.org
-
CVE-2026-24689 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA on 2026-02-26 as ICSA-26-057-10 / CVE-2026-24689.