VYPR
Unrated severity · NVD Advisory · Published Oct 18, 2015 · Updated May 6, 2026

CVE-2015-6477

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple cross-site scripting vulnerabilities in Nordex Control 2 SCADA V16 and earlier allow remote attackers to inject arbitrary web script via the login username parameter.

Vulnerability

The Wind Farm Portal application in Nordex Control 2 (NC2) SCADA V16 and prior versions contains multiple cross-site scripting (XSS) vulnerabilities [1]. The vulnerable parameter is the username field in the login form [2]. The application fails to properly neutralize user input before returning it in web pages, allowing injection of arbitrary HTML and JavaScript.
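The flaw class described above, shown as an added example that is not Nordex code: a login-failure page that reflects `userName` verbatim, beside a version that encodes it, with a parser-based regression check. The template markup, function names and sample inputs are assumptions made for illustration, since the portal's real markup is not public.

```python
import html
from html.parser import HTMLParser

# Hypothetical login-failure template: the real NC2 portal markup is not public.
TEMPLATE = ('<form method="post" action="/login">'
            '<input name="userName" value="{attr}">'
            '<p class="error">Unknown user {text}</p></form>')

def render_vulnerable(user_name: str) -> str:
    # Reflects the submitted value verbatim (the flaw class the advisory describes).
    return TEMPLATE.format(attr=user_name, text=user_name)

def render_hardened(user_name: str) -> str:
    # Encode for both contexts; quote=True also encodes " and ' for the attribute.
    safe = html.escape(user_name, quote=True)
    return TEMPLATE.format(attr=safe, text=safe)

class _Audit(HTMLParser):
    """Records every element, and the attributes of the input field, in a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.attrs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.attrs = dict(attrs)

EXPECTED_TAGS = ["form", "input", "p"]

def reflection_is_inert(page: str, user_name: str) -> bool:
    """True when the input created no markup and round-trips as plain data."""
    audit = _Audit()
    audit.feed(page)
    audit.close()
    return (audit.tags == EXPECTED_TAGS
            and set(audit.attrs) == {"name", "value"}
            and audit.attrs.get("value") == user_name)

# Constructed test inputs: a benign name and two markup-breaking values.
SAMPLES = ['operator1', '"><script>alert(1)</script>', 'x" onfocus="alert(1)']

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s),
              "| vulnerable inert:", reflection_is_inert(render_vulnerable(s), s),
              "| hardened inert:", reflection_is_inert(render_hardened(s), s))
```

The second sample shows why the attribute context needs quote encoding: without it the value closes the `value` attribute and adds a new one, even though no new element appears.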

Exploitation

An attacker can exploit this vulnerability remotely without authentication by sending a crafted POST request to the /login endpoint with a malicious payload in the userName parameter [2]. No special network position or user interaction is required beyond the victim accessing the affected page. The proof-of-concept demonstrates injecting a script that triggers an alert box [2].

Impact

Successful exploitation allows the attacker to execute arbitrary HTML and script content in the context of the victim's browser session [1]. This can lead to session hijacking, redirection to malicious sites, network reconnaissance, and planting of backdoor programs [1]. The attacker gains the ability to manipulate the client-server session and potentially access control system networks.

Mitigation

Nordex has produced an update to mitigate this vulnerability, but the specific fixed version is not disclosed in the available references [1]. Users should contact Nordex for the patch. No workarounds are mentioned. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
