CVE-2014-5408
Published 2014-11-05
Priority P4 · 19 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.67% (73.9th percentile)
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nordex | nordex_control_2_scada | <= 15 | — |
GHSA
ghsa_unreviewed·2022-05-17
CVE-2014-5408 [MEDIUM] CWE-79 GHSA-28pc-8r63-2vcq: Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows rem
CISA ICS
Nordex NC2 XSS Vulnerability
cisa_ics·2013-10-31
ICS Advisory
## Nordex NC2 XSS Vulnerability
Last Revised: September 06, 2018
Alert Code: ICSA-14-303-01
## OVERVIEW
This advisory is a follow-up to the alert titled ICS-ALERT-13-304-01 Nordex NC2 – Cross-Site Scripting Vulnerability that was published October 31, 2013, on the NCCIC/ICS-CERT web site.
Independent researcher Darius Freamon identified a cross-site scripting vulnerability in the Nordex Control 2 (NC2) application and released proof-of-concept (exploit) code without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT.
This vulnerability could be
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.