CVE-2023-5986

Summary

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Power Monitoring Expert (PME)Version 2020 CU2 and prioraffected
Schneider ElectricEcoStruxure Power Monitoring Expert (PME)Version 2021 CU1 and prioraffected
Schneider ElectricEcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards ModuleAdvanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021affected
Schneider ElectricEcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards ModuleAdvanced Reporting and Dashboards Module 2020 prior to CU3affected
Schneider ElectricEcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards ModuleEcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2affected

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References