XZERES 442SR Wind Turbine Cross Site Scripting
Posted on 25 December 2015
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability

*AFFECTED PRODUCTS*

XZERES is a US-based energy company that maintains offices in several countries around the world, including the UK, Italy, Japan, Vietnam, Philippines, and Myanmar. The affected product, 442SR Wind Turbine, has a web-based interface system. According to XZERES, the 442SR is deployed across the Energy sector. XZERES estimates that this product is used worldwide.

*Reference*

https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01

*Vulnerable parameter*

id

*PoC*

http://<IP>/details?object=Inverter&id=2<script>alert(xss-id-parameter") </script>

--
Best Regards,
Karn Ganeshen
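The fix for a reflected id parameter like the one above is allow-list validation plus output encoding. The sketch below is an added example, not code from the advisory or from XZERES: the handler, the template string, the numeric id format and the allowed object list are assumptions, and the sample URLs are constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the device's real page template is not public. This stand-in
# reflects the "id" query parameter into the response without encoding it.
def render_details_vulnerable(object_name, raw_id):
    return "<h1>%s %s</h1>" % (object_name, raw_id)

ID_RE = re.compile(r"[0-9]{1,6}")  # assumed format: short decimal identifier
ALLOWED_OBJECTS = {"Inverter"}     # the only object name shown on the page

def render_details_hardened(object_name, raw_id):
    # 1. Allow-list validation: reject anything that is not a plain number
    #    or a known object name before it reaches the template.
    if object_name not in ALLOWED_OBJECTS or not ID_RE.fullmatch(raw_id):
        return None  # caller should answer 400 Bad Request
    # 2. Output encoding for the HTML context, kept even for validated
    #    values so a later change to the validation rule stays safe.
    return "<h1>%s %s</h1>" % (html.escape(object_name), html.escape(raw_id))

def handle(url, renderer):
    # parse_qs percent-decodes values, as a web framework would.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    obj = query.get("object", [""])[0]
    raw_id = query.get("id", [""])[0]
    return renderer(obj, raw_id)

# Constructed sample requests (192.0.2.10 is a documentation address).
# MARKUP carries harmless bold tags to show markup passing through.
BENIGN = "http://192.0.2.10/details?object=Inverter&id=2"
MARKUP = "http://192.0.2.10/details?object=Inverter&id=2%3Cb%3Ex%3C%2Fb%3E"

if __name__ == "__main__":
    for url in (BENIGN, MARKUP):
        print("vulnerable:", handle(url, render_details_vulnerable))
        print("hardened:  ", handle(url, render_details_hardened))
```
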