Description
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70851
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-303-01.json
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-303-01
Scores
EPSS
0.0087
EPSS Percentile
75.3%
Details
CWE
CWE-79
Status
published
Products (2)
Nordex/Nordex Control 2 (NC2) SCADA
< 15
nordex/nordex_control_2_scada
< 15
Published
Nov 05, 2014
Tracked Since
Feb 18, 2026