Wednesday, October 14, 2015

[ICS] Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS Vulnerability

CERT published an advisory, ICSA-15-286-01, on my vulnerability report for Nordex’s NC2 Wind Farm Portal application.

CVE #: CVE-2015-6477


Nordex is a company based in Germany that maintains offices in countries around the world.

The affected product, Nordex Control 2, is a web-based SCADA system for wind power plants. According to Nordex, NC2 is deployed across the Energy sector. Nordex estimates that this product is used primarily in the United States, Europe, and China.


The vulnerable parameter is 'username'.


Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.