{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T16:34:16.732","vulnerabilities":[{"cve":{"id":"CVE-2026-21389","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-02-27T01:16:17.890","lastModified":"2026-02-27T23:12:14.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the request body sent to the contacts \nimport route."},{"lang":"es","value":"Una vulnerabilidad de inyección de comandos del sistema operativo (OS) existe en XWEB Pro versión 1.12.1 y anteriores, lo que permite a un atacante autenticado lograr la ejecución remota de código en el sistema mediante la inyección de entrada maliciosa en el cuerpo de la solicitud enviado a la ruta de importación de contactos."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"BF93AA67-7ABF-45C8-8376-7A28F7D65464"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"AEA10B9B-531A-4775-B32D-AC743D696126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"088F312E-06DF-4B90-A478-A6B5A39DE0F0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"A524988E-E22F-4B0F-AEE6-46B3F103989C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"E13AD164-C82A-4D6C-84C0-83EB8B0A611C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"1707F67B-6365-4065-812C-7CC596C6CFF1"}]}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate","source":"ics-cert@hq.dhs.gov","tags":["Product"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}}]}