Your one-stop web resource providing safety and security information to manufacturers

There is a public report of a cross-site scripting (XSS) vulnerability affecting the Nordex Control 2 (NC2) application, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product, according to a report on ICS-CERT.

The vulnerability is exploitable by allowing a specially crafted request that could execute arbitrary script code, according to this report which released without coordination with either the vendor or ICS-CERT.

WellinTech Patches KingView Holes
Alstom Software Bug Patch Update
DNP3 Implementation Vulnerability
Wonderware Fixes InTouch Vulnerability

ICS-CERT is attempting to contact the vendor to notify them of the report and will ask the vendor to confirm the vulnerability and identify mitigations. This alert is coming out to provide early notice of the public report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

The report included vulnerability details and proof-of-concept (PoC) exploit code for the vulnerability.

Schneider Bold

ICS-CERT is aware of a report on (an open-source vulnerability database Website) outlining the XSS vulnerability that may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server.

Independent researcher Darius Freamon originally published his findings on his blog and ended up reported on OSVDB October 18. No specific PoC code ends up required as the vulnerability affects data input to the username field of the HMI Web site.

This product works with all the Nordex wind turbine generators. The HMI monitors status with the turbine and electrical production.

ICS-CERT is attempting to coordinate with Nordex and the security researcher to identify mitigations.

Pin It on Pinterest

Share This