{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3037", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-02-23T16:21:11.631Z", "datePublished": "2026-02-27T01:06:42.223Z", "dateUpdated": "2026-02-27T19:09:35.935Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Copeland XWEB 300D PRO", "vendor": "Copeland", "versions": [{"lessThanOrEqual": "1.12.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Copeland XWEB 500D PRO", "vendor": "Copeland", "versions": [{"lessThanOrEqual": "1.12.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Copeland XWEB 500B PRO", "vendor": "Copeland", "versions": [{"lessThanOrEqual": "1.12.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Amir Zaltzman and Noam Moshe of Claroty Team82 reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An OS command injection vulnerability exists in XWEB Pro version 1.12.1 \nand prior, enabling an authenticated attacker to achieve remote code \nexecution on the system by modifying malicious input injected into the \nMBird SMS service URL and/or code via the utility route which is later \nprocessed during system setup, leading to remote code execution."}], "value": "An OS command injection vulnerability exists in XWEB Pro version 1.12.1 \nand prior, enabling an authenticated attacker to achieve remote code \nexecution on the system by modifying malicious input injected into the \nMBird SMS service URL and/or code via the utility route which is later \nprocessed during system setup, leading to remote code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-02-27T01:06:42.223Z"}, "references": [{"url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Copeland has provided a fix for the vulnerabilities and recommends users\n update the XWEB Pro to the latest version by going to their software \nupdate page \n<a target=\"_blank\" rel=\"nofollow\" href=\"https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate\">https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate</a> in the \nsections dedicated to the different XWEBPRO models page.\n\n<br>"}], "value": "Copeland has provided a fix for the vulnerabilities and recommends users\n update the XWEB Pro to the latest version by going to their software \nupdate page \n https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the \nsections dedicated to the different XWEBPRO models page."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Alternatively, a user logged into an XWEB Pro with internet access can \nupdate XWEB Pro directly from Copeland servers via the menu SYSTEM -- \nUpdates | Network.\n\n<br>"}], "value": "Alternatively, a user logged into an XWEB Pro with internet access can \nupdate XWEB Pro directly from Copeland servers via the menu SYSTEM -- \nUpdates | Network."}], "source": {"advisory": "ICSA-26-057-10", "discovery": "EXTERNAL"}, "title": "Copeland XWEB and XWEB Pro OS Command Injection", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T19:09:29.232913Z", "id": "CVE-2026-3037", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T19:09:35.935Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3037", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T19:09:29.232913Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T19:09:32.442Z"}}], "cna": {"title": "Copeland XWEB and XWEB Pro OS Command Injection", "source": {"advisory": "ICSA-26-057-10", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Amir Zaltzman and Noam Moshe of Claroty Team82 reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Copeland", "product": "Copeland XWEB 300D PRO", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.1"}], "defaultStatus": "unaffected"}, {"vendor": "Copeland", "product": "Copeland XWEB 500D PRO", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.1"}], "defaultStatus": "unaffected"}, {"vendor": "Copeland", "product": "Copeland XWEB 500B PRO", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Copeland has provided a fix for the vulnerabilities and recommends users\n update the XWEB Pro to the latest version by going to their software \nupdate page \n https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the \nsections dedicated to the different XWEBPRO models page.", "supportingMedia": [{"type": "text/html", "value": "Copeland has provided a fix for the vulnerabilities and recommends users\n update the XWEB Pro to the latest version by going to their software \nupdate page \n<a target=\"_blank\" rel=\"nofollow\" href=\"https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate\">https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate</a> in the \nsections dedicated to the different XWEBPRO models page.\n\n<br>", "base64": false}]}, {"lang": "en", "value": "Alternatively, a user logged into an XWEB Pro with internet access can \nupdate XWEB Pro directly from Copeland servers via the menu SYSTEM -- \nUpdates | Network.", "supportingMedia": [{"type": "text/html", "value": "Alternatively, a user logged into an XWEB Pro with internet access can \nupdate XWEB Pro directly from Copeland servers via the menu SYSTEM -- \nUpdates | Network.\n\n<br>", "base64": false}]}], "references": [{"url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in XWEB Pro version 1.12.1 \nand prior, enabling an authenticated attacker to achieve remote code \nexecution on the system by modifying malicious input injected into the \nMBird SMS service URL and/or code via the utility route which is later \nprocessed during system setup, leading to remote code execution.", "supportingMedia": [{"type": "text/html", "value": "An OS command injection vulnerability exists in XWEB Pro version 1.12.1 \nand prior, enabling an authenticated attacker to achieve remote code \nexecution on the system by modifying malicious input injected into the \nMBird SMS service URL and/or code via the utility route which is later \nprocessed during system setup, leading to remote code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-02-27T01:06:42.223Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3037", "state": "PUBLISHED", "dateUpdated": "2026-02-27T19:09:35.935Z", "dateReserved": "2026-02-23T16:21:11.631Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-02-27T01:06:42.223Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF93AA67-7ABF-45C8-8376-7A28F7D65464", "versionEndIncluding": "1.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEA10B9B-531A-4775-B32D-AC743D696126", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "088F312E-06DF-4B90-A478-A6B5A39DE0F0", "versionEndIncluding": "1.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A524988E-E22F-4B0F-AEE6-46B3F103989C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E13AD164-C82A-4D6C-84C0-83EB8B0A611C", "versionEndIncluding": "1.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "1707F67B-6365-4065-812C-7CC596C6CFF1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in XWEB Pro version 1.12.1 \nand prior, enabling an authenticated attacker to achieve remote code \nexecution on the system by modifying malicious input injected into the \nMBird SMS service URL and/or code via the utility route which is later \nprocessed during system setup, leading to remote code execution."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo (OS) existe en XWEB Pro versi\u00f3n 1.12.1 y anteriores, lo que permite a un atacante autenticado lograr la ejecuci\u00f3n remota de c\u00f3digo en el sistema al modificar una entrada maliciosa inyectada en la URL del servicio SMS de MBird y/o en el c\u00f3digo a trav\u00e9s de la ruta de utilidad, que luego se procesa durante la configuraci\u00f3n del sistema, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2026-3037", "lastModified": "2026-02-28T01:13:53.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-27T02:16:20.330", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory"], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}