{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/nordex/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25333"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["N149/4.0-4.5 Wind Turbine Web Server 4.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25333","webserver","industrial-control-system"],"_cs_type":"advisory","_cs_vendors":["Nordex"],"content_html":"\u003cp\u003eNordex N149/4.0-4.5 Wind Turbine Web Server 4.0 is susceptible to a critical SQL injection vulnerability, identified as CVE-2018-25333. An unauthenticated attacker can exploit this flaw by injecting malicious SQL code into the login parameter of the login.php script. This allows the attacker to bypass authentication and execute arbitrary SQL queries, potentially gaining unauthorized access to sensitive data within the turbine\u0026rsquo;s web server database. The vulnerability was reported in May 2026. 
Successful exploitation could lead to a full compromise of the wind turbine\u0026rsquo;s control systems, enabling attackers to manipulate operational settings and potentially cause physical damage.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 running a vulnerable version of the web server software.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP POST request targeting the \u003ccode\u003elogin.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted POST request includes an SQL injection payload within the \u003ccode\u003elogin\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe web server processes the POST request without properly sanitizing the \u003ccode\u003elogin\u003c/code\u003e parameter, allowing the SQL injection payload to be executed.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code executes arbitrary SQL queries against the database, potentially extracting sensitive information such as usernames, passwords, or configuration data.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted credentials or the ability to execute arbitrary queries to bypass authentication mechanisms.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to the wind turbine\u0026rsquo;s control panel.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates operational settings, potentially causing the turbine to malfunction or shut down, or exfiltrates proprietary data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25333) can lead to a full compromise of the affected Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0. 
Attackers can extract sensitive database information, bypass authentication, and gain unauthorized control over the wind turbine\u0026rsquo;s operational settings. This can result in financial losses due to downtime, physical damage to the turbine, and potential safety hazards. While the number of affected installations is not specified, this vulnerability poses a significant risk to organizations operating Nordex wind turbines.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the vendor-provided patch or upgrade to a secure version of the Nordex N149/4.0-4.5 Wind Turbine Web Server to remediate CVE-2018-25333.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Nordex Wind Turbine SQL Injection Attempt\u0026rdquo; to monitor for POST requests with SQL injection attempts targeting the login.php endpoint.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to filter out malicious SQL injection payloads in HTTP POST requests targeting the login.php endpoint.\u003c/li\u003e\n\u003cli\u003eConduct regular security audits and penetration testing on wind turbine systems to identify and address potential vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-17T13:19:58Z","date_published":"2026-05-17T13:19:58Z","id":"https://feed.craftedsignal.io/briefs/2026-05-nordex-sql-injection/","summary":"Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 is vulnerable to SQL injection (CVE-2018-25333), allowing unauthenticated attackers to execute arbitrary SQL queries and extract sensitive information via crafted POST requests to login.php.","title":"Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection Vulnerability (CVE-2018-25333)","url":"https://feed.craftedsignal.io/briefs/2026-05-nordex-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Nordex","version":"https://jsonfeed.org/version/1.1"}