ICS-CERT is warning users about a reflected cross-site scripting vulnerability in a wind-farm control portal manufactured by Nordex. The bug is remotely exploitable and could enable an attacker to run arbitrary script code in the browser of a user of a vulnerable portal.
The Nordex NC2 is a control portal for a series of wind turbines manufactured by the company. Nordex Control 2 enables a user to control the settings and operations of wind turbines remotely. A researcher named Darius Freamon discovered a reflected XSS vulnerability in the software and published some details of it in the fall. ICS-CERT’s advisory says that the disclosure was not coordinated with the vendor or the CERT.
“NCCIC/ICS-CERT is aware of a public report of a Cross-Site Scripting vulnerability affecting the Nordex Control 2 (NC2) application, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by allowing a specially crafted request that could execute arbitrary script code. This report was released without coordination with either the vendor or NCCIC/ICS-CERT,” the advisory says.
The vulnerability was originally disclosed in October, but no fix has been made available and the details of the bug are available on the OSVDB site, as well.
“Nordex NC2 Wind Farm Portal contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate the ‘userName’ parameter upon submission to the /login script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server,” the OSVDB advisory says.
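The flaw class the OSVDB text describes, a `userName` value from a `/login` request reflected into the response without validation or encoding, is shown here beside a hardened form. This is an added example, not Nordex code: the Python handlers, the form markup, the length limit and the sample request body are assumptions constructed for illustration.

```python
import html
from urllib.parse import parse_qs

MAX_LEN = 64  # assumed upper bound for a user name

# Hypothetical login page template; the real portal's markup is not on the page.
FORM = (
    '<form method="post" action="/login">'
    '<input name="userName" value="{value}">'
    '<p class="error">{message}</p></form>'
)

# Constructed request body: the userName value carries a quote and markup.
SAMPLE_BODY = "userName=%22%3E%3Cb%3Ex%3C%2Fb%3E&password=x"


def get_user(body: str) -> str:
    """Extract the userName field from a form-encoded POST body."""
    return parse_qs(body).get("userName", [""])[0]


def render_login_unsafe(body: str) -> str:
    """Before: the submitted value is copied into the HTML verbatim, so
    markup in userName becomes part of the page the browser renders."""
    user = get_user(body)
    return FORM.format(value=user, message="Login failed for " + user)


def render_login_safe(body: str) -> str:
    """After: validate on input, then encode on output."""
    user = get_user(body)
    # Validation: drop over-long values and control characters instead of
    # echoing them back.
    if len(user) > MAX_LEN or any(ord(c) < 0x20 for c in user):
        user = ""
    # Output encoding: & < > " ' become entities, so the value stays text
    # in both the attribute and the element context of FORM.
    safe = html.escape(user, quote=True)
    return FORM.format(value=safe, message="Login failed for " + safe)


# Defence in depth (assumed policy): a response header that stops inline
# script from running even if an encoding step is missed elsewhere.
SECURITY_HEADERS = {"Content-Security-Policy": "default-src 'self'"}

if __name__ == "__main__":
    print(render_login_unsafe(SAMPLE_BODY))
    print(render_login_safe(SAMPLE_BODY))
```

Output encoding is the fix that matters here; the input check only narrows what reaches it, and a legitimate name such as O'Brien still passes and is rendered correctly.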
Nordex NC2 is a software application that gives users a portal to control the wind turbines they manage and receive data and reports from them. The researcher discovered the portal to be accessible on the Shodan search engine.