US government uncovers possible security flaw in Nordex software

UNITED STATES: A potential vulnerability with the Nordex Control 2 application has been flagged up by a security team with the US Department of Homeland Security.

The problem has been uncovered by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the US Department of Homeland Security's National Cybersecurity & Communications Integration Center (NCCIC).

NCCIC/ICS-CERT stated on 31 October 2013 that "it is aware of a public report of a Cross-Site Scripting vulnerability affecting the Nordex Control 2 (NC2) application".

In effect, this means the application software does not require that every single incoming message is checked for identification code and password. The loophole could allow users of the web application or others to access and alter the web content with malicious intent.

The report that NCCIC/ICS-CERT passed on was by then third hand. Independent researcher Darius Freamon had originally published his findings on his blog, and they were reported on OSVDB, an open-source vulnerability database website, on 18 October 2013, the NCCIC/ICS-CERT report said.

The Nordex brochure titled "Control 2 cockpit for wind power plants", published in August 2008, describes the web application as providing "interactive access" to all of the principal operating modes and data concerning all aspects of the wind turbines and the wind parks.

The OSVDB report said the vulnerability "may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server."

Questioned by Windpower Monthly, Nordex said it was investigating the claims but was unable to comment further.
