Copeland XWEB and XWEB Pro
Plan PatchCVSS 10ICS-CERT ICSA-26-057-10Feb 26, 2026
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Copeland XWEB Pro controllers contain multiple vulnerabilities including authentication bypass (CWE-394), weak cryptography (CWE-327), command injection (CWE-78), path traversal (CWE-22), and buffer overflow (CWE-121) that could allow remote code execution, denial-of-service, or memory corruption. Affected versions are XWEB 300D PRO, 500D PRO, and 500B PRO running firmware 1.12.1 or earlier.
What this means
What could happen
An attacker could bypass authentication on XWEB Pro controllers, allowing them to remotely execute arbitrary code, modify refrigeration setpoints, or cause denial-of-service outages. This directly affects refrigeration system availability and product integrity.
Who's at risk
Copeland XWEB Pro models (300D, 500D, 500B) used for remote monitoring and control of refrigeration systems in supermarkets, cold storage facilities, and commercial HVAC installations. Plant operators, facility managers, and refrigeration technicians depend on these devices for process monitoring and setpoint management.
How it could be exploited
An attacker with network access to the XWEB Pro's web interface could exploit authentication bypass or memory corruption vulnerabilities to run arbitrary commands on the controller. The network vector (AV:N) means the device only needs to be reachable from the attacker's network—no physical access required.
Prerequisites
- Network access to the XWEB Pro web interface (typically port 80/443)
- No valid credentials required due to authentication bypass vulnerability
- Device must be running firmware version 1.12.1 or earlier
remotely exploitableno authentication requiredlow complexityno patch available (end-of-life)affects critical refrigeration control systems
Exploitability
Some exploitation risk — EPSS score 2.3%
Affected products (3)
3 pending
ProductAffected VersionsFix Status
XWEB 300D PRO: <=1.12.1≤ 1.12.1No fix yet
XWEB 500D PRO: <=1.12.1≤ 1.12.1No fix yet
XWEB 500B PRO: <=1.12.1≤ 1.12.1No fix yet
Remediation & Mitigation
0/4
Do now
0/2WORKAROUNDRestrict network access to XWEB Pro web interface (ports 80/443) to authorized engineering workstations and monitoring systems only using firewall rules
HARDENINGDisable internet-facing access to XWEB Pro units; place on an internal network segment isolated from untrusted networks
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate XWEB Pro firmware to the latest available version via the Copeland software update portal at https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
HOTFIXIf internet-connected, update XWEB Pro directly from the device menu: SYSTEM > Updates > Network, then apply the latest firmware from Copeland servers
CVEs (23)
CVE-2026-25085CVE-2026-21718CVE-2026-24663CVE-2026-21389CVE-2026-25111CVE-2026-20742CVE-2026-24517CVE-2026-25195CVE-2026-20910CVE-2026-24689CVE-2026-25109CVE-2026-20902CVE-2026-24695CVE-2026-25105CVE-2026-24452CVE-2026-23702CVE-2026-25721CVE-2026-20764CVE-2026-25196CVE-2026-25037CVE-2026-22877CVE-2026-20797CVE-2026-3037
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/1f2b8b2c-c172-4497-b1ba-b64b212a08aaGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.