CVE-2015-0985

XZERES 442SR OS - Cross-Site Request Forgery via Password Change GET Request

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-076-01

Scores

EPSS 0.0064
EPSS Percentile 46.4%

Details

CWE
CWE-352
Status published
Products (2)
xzeres/442sr
xzeres/442sr_os
Published Mar 31, 2015
Tracked Since Feb 18, 2026