[ICS] XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability
XZERES is a US-based energy company that maintains offices in several countries around the world, including the UK, Italy, Japan, Vietnam, Philippines, and Myanmar.
The affected product, 442SR Wind Turbine, has a web-based interface system. According to XZERES, the 442SR is deployed across the Energy sector. XZERES estimates that this product is used worldwide.
Successful exploitation of this vulnerability could allow the injection of malicious script. This exploit can cause a loss of power for all attached systems.
Reported multiple vulnerabilities in eWON sa Industrial router. Response from eWON was not so surprisingly full of ignorance.
The following eWON router firmware versions are affected:
All eWON firmware versions prior to 10.1s0