28 matches found
EUVD-2016-3371
Malware in sbrugna...
EUVD-2015-3981
Malware in sbrugna...
EUVD-2015-0993
Malware in sbrugna...
CVE-2016-2287
Cross-site scripting XSS vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2287
The CVE-2016-2287 vulnerability affects XZERES 442SR Wind Turbine OS: a Cross-Site Scripting (CWE-79) flaw in the web-based interface due to inadequate input validation, enabling remote injection of script/HTML via unspecified vectors. ICS-CERT Update C confirms XZERES has produced a patch to mit...
CVE-2016-2287
Cross-site scripting XSS vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
XZERES 442SR Wind Turbine 弱口令漏洞
No description provided by source...
XZERES 442SR Wind Turbine CSRF漏洞
No description provided by source...
XZERES 442SR Wind Turbine Web Interface XSS Vulnerability (Dec 2015) - Active Check
XZERES 442SR Wind Turbine Web Interface is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...
XZERES 442SR Wind Turbine Remote Detection
Detects the installed version of XZERES 442SR Wind Turbine. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
XZERES 442SR Wind Turbine Cross Site Scripting
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability AFFECTED PRODUCTS XZERES is a US-based energy company that maintains offices in several countries around the world, including the UK, Italy, Japan, Vietnam, Philippines, and Myanmar. The affected product, 442SR Wind Turbine, has a...
XZERES 442SR Wind Turbine Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified a cross-site request forgery CSRF vulnerability in XZERES’s 442SR turbine generator operating system OS. XZERES has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability (Update C)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-342-01B XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published March 21, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update C Part 1 of 2 -------- Independent researchers Karn...
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-342-01B XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published March 21, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update C Part 1 of 2 -------- Independent researchers Karn...
Plaintext Credentials Threaten RLE Wind Turbine HMI
A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp...
Researcher Finds CSRF Bug in Wind Turbine Software
UPDATE–Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher named Maxim Rupp has...
XZERES 442SR OS Cross-Site Request Forgery Vulnerability (CNVD-2015-03663)
The XZERES 442SR OS is a 442SR model turbine generator. The XZERES 442SR OS suffers from a cross-site request forgery vulnerability that allows a remote attacker to construct a malicious URI, trick a user into resolving it, and can perform malicious actions in the context of the target user...
CVE-2015-3950
Cross-site request forgery CSRF vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request...