This host is installed with Nordex NC2 and is prone to cross-site scripting vulnerability.

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application

No solution available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.nordex-online.com/en

Flaw exists because the application does not validate the 'username' parameter upon submission to the login script.

Nordex Control 2 (NC2) SCADA V15 and prior versions

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://www.auscert.org.au/render.html?it=21058
• http://xforce.iss.net/xforce/xfdb/98443
• https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01

---

Updated on 2015-03-25