Wednesday, July 8, 2026

Looking Back – 11-2-13, Nordex Alert

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list. 

Today a blog post from November 2nd, 2013, made the list. It described an ICS-CERT alert about a cross-site scripting vulnerability wind turbine generator SCADA/HMI produced by Nordex. CISA’s predecessor used to issue ‘Alerts’ for reports of exploitable vulnerabilities while they were trying to work with the vendor to mitigate the issue. Unfortunately, these ‘Alerts’ were not subsequently tied to the Advisory that reported that mitigation. For this Alert the Advisory can be found here; that Advisory is as interesting as the alert. 

The Alert blog post also includes an interesting comment from Jake Brodsky about Shodan and the SHINE Project. 

BTW: The Darius Freamon Blog is still active. 

No comments:

 
/* Use this with templates/template-twocol.html */