CVE-2014-5408

CVE-2014-5408: Nordex NC2 Cross-site Scripting

Vendor Nordex
Product Nordex Control 2 (NC2) SCADA
Weakness CWE-79 · XSS
Published November 5, 2014
Last update November 3, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Key dates

02Disclosure timeline

November 5, 2014 CVE published
November 3, 2025 Record updated