CVE-2014-5408

Summary

Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Affected Software

VendorProductVersion RangeStatus
NordexNordex Control 2 (NC2) SCADA0 <= 15affected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References