CVE-2015-6477
published 2015-10-18CVE-2015-6477: Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers…
PriorityP341medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
12.04%
95.6th percentile
Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nordex | nordex_control_2_scada | <= 16 | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Nordex Control 2 SCADA up to 16 Wind Farm Portal Application cross site scripting (ID 135068)
vuldb·2026-06-03·CVSS 6.1
CVE-2015-6477 [MEDIUM] Nordex Control 2 SCADA up to 16 Wind Farm Portal Application cross site scripting (ID 135068)
A vulnerability, which was classified as problematic, has been found in Nordex Control 2 SCADA up to 16. The affected element is an unknown function of the component Wind Farm Portal Application. Performing a manipulation results in cross site scripting.
This vulnerability was named CVE-2015-6477. The attack may be initiated remotely. In addition, an exploit is available.
GHSA
GHSA-x62w-289v-82mf: Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote at
ghsa_unreviewed·2022-05-17
CVE-2015-6477 [MEDIUM] CWE-79 GHSA-x62w-289v-82mf: Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote at
Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CISA ICS
Nordex NC2 XSS Vulnerability
cisa_ics·2018-08-27
Nordex NC2 XSS Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Nordex NC2 XSS Vulnerability
Last RevisedAugust 27, 2018
Alert CodeICSA-15-286-01
## OVERVIEW
Independent researcher Karn Ganeshen has identified a cross-site scripting vulnerability in Nordex’s NC2 Wind Farm Portal application. Nordex has produced an update to mitigate this vulnerability.
This vulnerability could be exploited remotely.
## AFFECTED PRODUCTS
The following Nordex NC2 versions are affected:
- Nordex Control 2 (NC2) SCADA V16 and prior versions.
## IMPACT
Cross-site scripting presents one entry point for attackers to access and manipulate control systems netwo
No detection rules found.
Nuclei
Nordex NC2 - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2015-6477 [MEDIUM] Nordex NC2 - Cross-Site Scripting
Nordex NC2 - Cross-Site Scripting
Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Template:
id: CVE-2015-6477
info:
name: Nordex NC2 - Cross-Site Scripting
author: geeknik,daffainfo
severity: medium
description: Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
impact: |
Successful exploitation of this vu
No writeups or analysis indexed.
http://packetstormsecurity.com/files/135068/Nordex-Control-2-NC2-SCADA-16-Cross-Site-Scripting.htmlhttp://seclists.org/fulldisclosure/2015/Dec/117https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01http://packetstormsecurity.com/files/135068/Nordex-Control-2-NC2-SCADA-16-Cross-Site-Scripting.htmlhttp://seclists.org/fulldisclosure/2015/Dec/117https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
2015-10-18
Published