Tuesday, October 13, 2015

ICS-CERT Publishes Nordex Advisory

Today the DHS ICS-CERT published an advisory for a cross-site scripting vulnerability in the Nordex NC2 Wind Farm Portal application. The vulnerability was reported by Karn Ganeshen. Nordex has produced an update to mitigate this vulnerability, but there is no indication that Ganeshen has been provided the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to download a malicious script.

No comments:

/* Use this with templates/template-twocol.html */