CVE-2015-6477
MEDIUM NUCLEINordex Control 2 SCADA < 16 - Cross-Site Scripting
Title source: llmExploitation Summary
CVE-2015-6477 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Nuclei Templates (1)
Nordex NC2 - Cross-Site Scripting
MEDIUMVERIFIEDby geeknik,daffainfo
Shodan:
http.title:"Nordex Control - Wind Farm Portal"
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Dec/117
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/135068/Nordex-Control-2-NC2-SCADA-16-Cross-Site-Scripting.html
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
Scores
CVSS v3
6.1
EPSS
0.1800
EPSS Percentile
95.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
nordex/nordex_control_2_scada
< 16
Published
Oct 18, 2015
Tracked Since
Feb 18, 2026