CVE-2023-5987
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert (PME) | Version 2020 CU2 and prior | affected |
| Schneider Electric | EcoStruxure Power Monitoring Expert (PME) | Version 2021 CU1 and prior | affected |
| Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module | Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021 | affected |
| Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module | Advanced Reporting and Dashboards Module 2020 prior to CU3 | affected |
| Schneider Electric | EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module | EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.