{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T17:14:05.228","vulnerabilities":[{"cve":{"id":"CVE-2026-23702","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-02-27T02:16:18.700","lastModified":"2026-02-27T23:08:42.743","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n sending malicious input injected into the server username field of the \nimport preconfiguration action in the API V1 route."},{"lang":"es","value":"Una vulnerabilidad de inyección de comandos del sistema operativo existe en XWEB Pro versión 1.12.1 y anteriores, lo que permite a un atacante autenticado lograr la ejecución remota de código en el sistema al enviar una entrada maliciosa inyectada en el campo de nombre de usuario del servidor de la acción de importación de preconfiguración en la ruta de la API V1."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"BF93AA67-7ABF-45C8-8376-7A28F7D65464"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"AEA10B9B-531A-4775-B32D-AC743D696126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"088F312E-06DF-4B90-A478-A6B5A39DE0F0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"A524988E-E22F-4B0F-AEE6-46B3F103989C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"E13AD164-C82A-4D6C-84C0-83EB8B0A611C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"1707F67B-6365-4065-812C-7CC596C6CFF1"}]}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate","source":"ics-cert@hq.dhs.gov","tags":["Product"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}}]}