CVE-2014-5408

Name of the Vulnerable Software and Affected Versions Nordex Control 2 (NC2) SCADA devices versions 15 and earlier

Description A cross-site scripting (XSS) issue exists in the login script of the Wind Farm Portal, allowing remote attackers to inject arbitrary web script or HTML via the username parameter. This could potentially lead to unauthorized access or control of the system.

Recommendations For Nordex Control 2 (NC2) SCADA devices versions 15 and earlier, consider disabling the login script temporarily until a fix is available, and restrict access to the Wind Farm Portal to minimize the risk of exploitation. Avoid using the username parameter in the affected login endpoint until the issue is resolved.