Skip to main content

Xweb 300d Pro Firmware CVE-2026-21718

CRITICAL
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2026-02-27 ics-cert@hq.dhs.gov
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 01:16 nvd
CRITICAL 10.0

DescriptionCVE.org

An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.

AnalysisAI

Authentication bypass in Copeland XWEB Pro HVAC controller version 1.12.1 and prior due to weak cryptographic algorithm. CVSS 10.0 — any unauthenticated attacker can gain full system access to building automation controllers.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send unauthenticated network request
Exploit
Bypass authentication mechanism
Execution
Execute arbitrary code pre-authentication
Impact
Achieve system compromise

Vulnerability AssessmentAI

Exploitation No special conditions — remote unauthenticated exploitation against Copeland XWEB Pro version 1.12.1 and prior with default configurations. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 10.0. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Attacker discovers internet-exposed XWEB Pro controller, bypasses authentication using cryptographic weakness, gains full control of HVAC systems — can modify temperature setpoints, disable alarms, or cause equipment damage.
Remediation Update XWEB Pro firmware. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Copeland XWEB Pro v1.12.1 or earlier and isolate them from production networks if possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-24663 CRITICAL
9.0 Feb 27

Unauthenticated OS command injection in Copeland XWEB Pro HVAC controller version 1.12.1 and prior. EPSS 0.96% indicates

CVE-2026-25085 HIGH
8.6 Feb 27

Copeland XWEB Pro firmware versions 1.12.1 and earlier suffer from an authentication bypass vulnerability where malforme

CVE-2026-24517 HIGH
8.0 Feb 27

Remote code execution in Xweb 300d/500b/500d Pro firmware versions 1.12.1 and earlier allows authenticated attackers to

CVE-2026-25195 HIGH
8.0 Feb 27

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitra

CVE-2026-25111 HIGH
8.0 Feb 27

Remote code execution in XWEB Pro versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS com

CVE-2026-25109 HIGH
8.0 Feb 27

Remote code execution in Xweb 300d Pro, 500d Pro, and 500b Pro firmware versions 1.12.1 and earlier allows authenticated

CVE-2026-24695 HIGH
8.0 Feb 27

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitra

CVE-2026-24689 HIGH
8.0 Feb 27

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbit

CVE-2026-21389 HIGH
8.0 Feb 27

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbit

CVE-2026-20910 HIGH
8.0 Feb 27

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitra

CVE-2026-20902 HIGH
8.0 Feb 27

Remote code execution in Xweb 300d Pro, 500b Pro, and 500d Pro firmware (version 1.12.1 and prior) allows authenticated

CVE-2026-20742 HIGH
8.0 Feb 27

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitra

Share

CVE-2026-21718 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy