Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Nordex Control 2 (NC2) SCADA by Nordex

    CVE-2014-5408 (GCVE-0-2014-5408)

    Vulnerability from nvd – Published: 2014-11-05 11:00 – Updated: 2025-11-03 18:50
    VLAI
    Title
    Nordex NC2 Cross-site Scripting
    Summary
    Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Nordex Nordex Control 2 (NC2) SCADA Affected: 0 , ≤ 15 (custom)
    Create a notification for this product.
    Date Public
    2014-10-30 06:00
    Credits
    Darius Freamon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01"
              },
              {
                "name": "70851",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nordex Control 2 (NC2) SCADA",
              "vendor": "Nordex",
              "versions": [
                {
                  "lessThanOrEqual": "15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Darius Freamon"
            }
          ],
          "datePublic": "2014-10-30T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.\u003c/p\u003e"
                }
              ],
              "value": "Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-03T18:50:14.150Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-303-01"
            },
            {
              "name": "70851",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70851"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-303-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNordex will release a patch for all affected NC2-SCADA versions until\n the end of 2014. The patching of the NC2-SCADA system has to be done by\n Nordex.\u003c/p\u003e\n\u003cp\u003eNordex will upgrade all wind farms with a valid service contract to \nthe patched version of the NC2-SCADA in coordination with normal \nmaintenance operations.\u003c/p\u003e\n\u003cp\u003eOwners of Nordex NC2-based wind farms without a valid service \ncontract can order the patch from Nordex by contacting their local \nNordex service organization.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Nordex will release a patch for all affected NC2-SCADA versions until\n the end of 2014. The patching of the NC2-SCADA system has to be done by\n Nordex.\n\n\nNordex will upgrade all wind farms with a valid service contract to \nthe patched version of the NC2-SCADA in coordination with normal \nmaintenance operations.\n\n\nOwners of Nordex NC2-based wind farms without a valid service \ncontract can order the patch from Nordex by contacting their local \nNordex service organization."
            }
          ],
          "source": {
            "advisory": "ICSA-14-303-01",
            "discovery": "EXTERNAL"
          },
          "title": "Nordex NC2 Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-5408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01"
                },
                {
                  "name": "70851",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70851"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-5408",
        "datePublished": "2014-11-05T11:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2025-11-03T18:50:14.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2014-5408 (GCVE-0-2014-5408)

    Vulnerability from cvelistv5 – Published: 2014-11-05 11:00 – Updated: 2025-11-03 18:50
    VLAI
    Title
    Nordex NC2 Cross-site Scripting
    Summary
    Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Nordex Nordex Control 2 (NC2) SCADA Affected: 0 , ≤ 15 (custom)
    Create a notification for this product.
    Date Public
    2014-10-30 06:00
    Credits
    Darius Freamon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:49.060Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01"
              },
              {
                "name": "70851",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nordex Control 2 (NC2) SCADA",
              "vendor": "Nordex",
              "versions": [
                {
                  "lessThanOrEqual": "15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Darius Freamon"
            }
          ],
          "datePublic": "2014-10-30T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.\u003c/p\u003e"
                }
              ],
              "value": "Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-03T18:50:14.150Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-303-01"
            },
            {
              "name": "70851",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70851"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-303-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNordex will release a patch for all affected NC2-SCADA versions until\n the end of 2014. The patching of the NC2-SCADA system has to be done by\n Nordex.\u003c/p\u003e\n\u003cp\u003eNordex will upgrade all wind farms with a valid service contract to \nthe patched version of the NC2-SCADA in coordination with normal \nmaintenance operations.\u003c/p\u003e\n\u003cp\u003eOwners of Nordex NC2-based wind farms without a valid service \ncontract can order the patch from Nordex by contacting their local \nNordex service organization.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Nordex will release a patch for all affected NC2-SCADA versions until\n the end of 2014. The patching of the NC2-SCADA system has to be done by\n Nordex.\n\n\nNordex will upgrade all wind farms with a valid service contract to \nthe patched version of the NC2-SCADA in coordination with normal \nmaintenance operations.\n\n\nOwners of Nordex NC2-based wind farms without a valid service \ncontract can order the patch from Nordex by contacting their local \nNordex service organization."
            }
          ],
          "source": {
            "advisory": "ICSA-14-303-01",
            "discovery": "EXTERNAL"
          },
          "title": "Nordex NC2 Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-5408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01"
                },
                {
                  "name": "70851",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70851"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-5408",
        "datePublished": "2014-11-05T11:00:00.000Z",
        "dateReserved": "2014-08-22T00:00:00.000Z",
        "dateUpdated": "2025-11-03T18:50:14.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }