Summary
This host is running Nordex NC2 and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No solution available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.nordex-online.com/en
Insight
The flaw exists because the application does not validate the 'username' parameter upon submission to the login script.
Affected
Nordex Control 2 (NC2) SCADA V15 and prior versions
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
References
Severity
Classification
- CVE: CVE-2014-5408
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)