Nordex.NC2.Wind.Farm.Portal.XSS

description-logoDescription

This indicates an attack attempt against a Cross-Site Scripting vulnerability in Nordex NC2.
The vulnerability is caused by a lack of sanitizing of the "username" parameter that is passed to "login". An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary script code within the context of the application.

affected-products-logoAffected Products

Nordex Control 2 (NC2) SCADA V16 and prior versions

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)