History: Nov 15, 2023 - 4:15 a.m.

CVE-2023-5986

2023-11-15 04:15:19
CWE-601
web.nvd.nist.gov
cve-2023-5986
cwe-601
url redirection
untrusted site
openredirect
cross site scripting

CVSS3: 8.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

EPSS: 0.0005 Low
Percentile: 17.1%

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross-site scripting attack. By providing a URL-encoded input, attackers can cause the software's web application to redirect to the chosen domain after a successful login is performed.

Affected configurations

NVD
Node
schneider-electric  ecostruxure_power_monitoring_expert  Match  2020  -
OR
schneider-electric  ecostruxure_power_monitoring_expert  Match  2020  cumulative_update_1
OR
schneider-electric  ecostruxure_power_monitoring_expert  Match  2020  cumulative_update_2
OR
schneider-electric  ecostruxure_power_monitoring_expert  Match  2021  -
OR
schneider-electric  ecostruxure_power_monitoring_expert  Match  2021  cumulative_update_1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Monitoring Expert (PME)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Version 2020 CU2 and prior"
      },
      {
        "status": "affected",
        "version": "Version 2021 CU1 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"
      },
      {
        "status": "affected",
        "version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"
      }
    ]
  }
]
