OTPulse

Nordex NC2 XSS Vulnerability

Act Now | CVSS 6.1 | ICS-CERT ICSA-15-286-01 | Jul 16, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Nordex Control 2 (NC2) SCADA web interface contains a reflected cross-site scripting (XSS) vulnerability in web pages that accept user input without proper sanitization or encoding. An attacker can inject malicious JavaScript code that executes in the browser of any operator or engineer who visits a crafted URL. This vulnerability affects all versions prior to 16, and the vendor has not released a patch.

What this means
What could happen
An attacker could inject malicious code into the NC2 SCADA web interface that runs in the browser of any operator or engineer who visits a compromised page, potentially allowing credential theft or unauthorized command execution.
Who's at risk
This affects energy sector organizations running Nordex Control 2 (NC2) SCADA systems, particularly the web-based human-machine interface (HMI) used by plant operators, control room engineers, and maintenance staff to monitor and manage wind turbine systems and associated power generation infrastructure.
How it could be exploited
An attacker crafts a malicious URL or tricks an operator into visiting a compromised web page. The NC2 web interface reflects unsanitized user input in the HTTP response without properly encoding it. The injected code runs in the operator's browser with their session privileges, allowing the attacker to steal session cookies, capture keystrokes, or redirect the operator to a phishing site.
Prerequisites
  • Network access to the NC2 SCADA web interface
  • User interaction required—an operator or engineer must click a malicious link or visit a compromised page
  • No credentials needed to craft the exploit, but the malicious payload must reach an authenticated user session
  • Remotely exploitable
  • No authentication required to craft the exploit
  • Low complexity attack
  • User interaction required
  • High EPSS score (32.5%)
  • No patch available—vendor will not fix end-of-life product
Exploitability
High exploit probability (EPSS 32.5%)
Affected products (1)
Product: Nordex Control 2 (NC2) SCADA: <16
Affected Versions: <16
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Deploy a Web Application Firewall (WAF) or URL filter to block malicious requests targeting NC2 web interface parameters known to be vulnerable
HARDENING: Educate operators and engineers to avoid clicking suspicious links and only access NC2 through trusted, bookmarked URLs
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Restrict web interface access to authorized engineering workstations only using host-based or network-based access controls
Mitigations - no patch available
Nordex Control 2 (NC2) SCADA: <16 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate NC2 SCADA systems from general IT networks and untrusted Internet traffic
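
The WAF/URL-filter workaround above comes down to decoding every request parameter the way a browser would and flagging values that carry markup. As an added example (not OTPulse, ICS-CERT or Nordex code), this Python check runs that logic over constructed access-log lines; the `/nc2/...` paths, parameter names and addresses are hypothetical, because the advisory does not name the vulnerable parameters.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Markup markers in a decoded value: tag opener, javascript: URL, event-handler attribute.
MARKUP = re.compile(r"<[a-z/!?]|javascript\s*:|\bon[a-z]+\s*=", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Constructed access-log lines; hosts, paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '10.0.5.21 - - [16/Jul/2015:08:12:01 +0000] "GET /nc2/status?turbine=T07&view=power HTTP/1.1" 200 512',
    '10.0.5.21 - - [16/Jul/2015:08:12:09 +0000] "GET /nc2/trend?filter=wind%20%3C%2012 HTTP/1.1" 200 734',
    '10.0.9.44 - - [16/Jul/2015:08:13:40 +0000] "GET /nc2/status?turbine=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 498',
    '10.0.9.44 - - [16/Jul/2015:08:13:52 +0000] "GET /nc2/report?title=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 611',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is seen as the browser would."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_target(target):
    """Return (parameter, decoded value) pairs whose value carries markup markers."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = fully_decode(value)
        if MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Return (client, parameter, decoded value) for every flagged request."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if match:
            client, target = match.groups()
            findings += [(client, name, value) for name, value in inspect_target(target)]
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The second sample line (`wind < 12`) is deliberately left unflagged: matching on a bare `<` would block legitimate filter expressions, so the pattern requires a tag-like opener.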
Nordex NC2 XSS Vulnerability | CVSS 6.1 - OTPulse