ICSA-15-342-01C  ·  Published 2025-06-05

XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability

CVSS 9.8 CRITICAL

CVEs (1)

Remediations

  • XZERES has developed a Secure Gateway, a module that installs in-line on the Internet connection to the Controller board. Once this module is installed, only authorized users will be allowed to access the system. Access is granted by verified users through XZERES or a dealer. For more information and availability, please contact XZERES at 1-877-404-9438.
  • XZERES has also issued Netbook Computers with the sale of the 442 turbine to some users. These Netbook systems are pre-configured by XZERES for a Secure Remote Connection system that will provide adequate protection from the vulnerability mentioned above.
  • XZERES recommends that any users currently operating turbines without the XZERES Secure Gateway and with Port Forwarding enabled through their Internet router proactively shut that port forwarding feature down to mitigate risk to operation. For users utilizing a cellular solution that does not have a firewall/router installed, XZERES recommends turning off the connection to the Internet until one of the recommended solutions has been proactively implemented.
  • For questions or concerns about the vulnerability or remote access, users may contact XZERES by email ([email protected]) or call 1-877-404-9438 (Option 4) for instructions and support implementing the mitigations.

Affected Vendors

XZERES

Affected Products (1)

XZERES · 442SR Wind Turbine · vers:all/*
