Nordex NC2 XSS (CVE-2014-5408)
Release date:
Updated on:
Affected Systems:
Nordex NC2 <= 15
Description:
CVE (CAN) ID: CVE-2014-5408
Nordex Control 2 (NC2) is a web-based SCADA system used mainly in the energy industry, primarily for wind energy.
The NC2 Wind Farm Portal has a reflected cross-site scripting vulnerability. It occurs because the username parameter submitted to the login script is not validated. The vulnerability can be exploited remotely to execute arbitrary script code in the user's browser.
<* Source: Darius Freamon
Link: https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01
*>
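The flaw class described above, shown next to a hardened form. This is an added example, not Nordex code: the function names, the page markup and the username allowlist are assumptions made for illustration.

```python
import html
import re

# Assumption: account names are short and use only these characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def render_login_error_unsafe(username: str) -> str:
    """Flaw class from the advisory: the submitted value is echoed as-is."""
    return f"<p>Login failed for user {username}</p>"


def render_login_error(username: str, strict: bool = True) -> str:
    """Hardened form: validate on input, encode on output.

    strict=True  -> values that fail the allowlist are never reflected.
    strict=False -> the value is reflected, but only after HTML encoding
                    (for deployments that cannot restrict the name format).
    """
    if strict and not USERNAME_RE.fullmatch(username):
        return "<p>Login failed.</p>"
    # Encode even validated values so the output stays safe if the
    # allowlist is widened later; quote=True also covers attribute contexts.
    return f"<p>Login failed for user {html.escape(username, quote=True)}</p>"


# Constructed sample inputs: one ordinary name, two carrying markup characters.
SAMPLES = ["operator1", "<i>probe</i>", 'a" onfocus="x']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample))
        print("  unsafe       :", render_login_error_unsafe(sample))
        print("  strict       :", render_login_error(sample))
        print("  encoding only:", render_login_error(sample, strict=False))
```
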
Suggestion:
Vendor patch:
Nordex
------
The vendor has not yet provided a patch or upgrade for this issue. Users of the software should watch the vendor's homepage for the latest version:
http://www.nordex-online.com