OTPulse
FeedAboutContact

Nordex NC2 XSS Vulnerability

Low RiskICS-CERT ICSA-14-303-01Aug 2, 2014
Summary

Nordex Control 2 (NC2) SCADA software version V15 and earlier contains a reflected cross-site scripting (XSS) vulnerability in the web interface. An attacker can inject malicious script code that executes in the browser of any user who accesses a crafted link. No vendor patch is available for this product.

What this means
What could happen
An attacker with access to the Nordex Control 2 web interface could inject malicious script code that executes in the browser of engineering staff or operators, potentially allowing session hijacking, credential theft, or redirection to phishing sites.
Who's at risk
Energy sector operators using Nordex Control 2 (NC2) SCADA systems should be concerned. This affects any facility that relies on NC2 for wind turbine control or grid-connected renewable energy operations where the web interface is accessible to staff.
How it could be exploited
An attacker with network access to the NC2 web interface (typically port 80/443) crafts a malicious URL or injects script into a vulnerable input field. When an authorized user (engineer or operator) visits the link or views the affected page, the script executes in their browser with their privileges, allowing the attacker to steal session cookies, capture credentials, or perform actions on their behalf.
Prerequisites
  • Network access to the Nordex NC2 web interface (HTTP/HTTPS port)
  • A valid user must visit or click a malicious link containing the injected payload
  • The vulnerability exists in version V15 or earlier
remotely exploitableno patch availablerequires user interaction (social engineering component)
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
ProductAffected VersionsFix Status
Nordex Control 2 (NC2) SCADA: <=V15≤ V15No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGRestrict network access to the Nordex NC2 web interface using firewall rules; allow only authorized engineering workstations and SCADA networks
HARDENINGImplement network segmentation to isolate NC2 from untrusted networks and the internet
WORKAROUNDMonitor for and block requests containing common XSS payloads (e.g., script tags, javascript: URIs) using a Web Application Firewall if available
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGTrain operators and engineering staff to avoid clicking suspicious links or opening unexpected URLs that reference the NC2 interface
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/fecb6deb-2d52-4b41-a8f2-98b6c8f506b5