OpenCVE

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Ecostruxure Power Monitoring Expert

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:-::::::
	cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_1::::::
	cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_2::::::
	cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:-::::::
	cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:cumulative_update_1::::::

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-11-15T03:47:17.684Z

Updated: 2024-08-02T08:14:25.141Z

Reserved: 2023-11-07T10:57:54.715Z

Link: CVE-2023-5986

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-15T04:15:19.487

Modified: 2024-11-21T08:42:55.557

Link: CVE-2023-5986

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5986", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2023-11-07T10:57:54.715Z", "datePublished": "2023-11-15T03:47:17.684Z", "dateUpdated": "2024-08-02T08:14:25.141Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EcoStruxure Power Monitoring Expert (PME)", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Version 2020 CU2 and prior"}, {"status": "affected", "version": "Version 2021 CU1 and prior"}]}, {"defaultStatus": "unaffected", "product": "EcoStruxure Power Operation (EPO) \u2013 Advanced Reporting and Dashboards Module", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"}, {"status": "affected", "version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"}]}, {"defaultStatus": "unaffected", "product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"}], "value": "\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-11-15T03:47:17.684Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.141Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:-:*:*:*:*:*:*", "matchCriteriaId": "E4A6EB67-7D2A-4899-BAC7-18BD6F5D6700", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_1:*:*:*:*:*:*", "matchCriteriaId": "62689EF4-C9D4-47FB-9722-C9C2EFB0C858", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_2:*:*:*:*:*:*", "matchCriteriaId": "2D20050D-A7BB-4BB1-9C4C-DB3321DF087B", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:-:*:*:*:*:*:*", "matchCriteriaId": "B4579BF1-DD9F-4AD7-A1CE-2AD2B7389B8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:cumulative_update_1:*:*:*:*:*:*", "matchCriteriaId": "B38506D4-26CD-405C-99FC-0E8F9D39DA57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-601: Redireccionamiento de URL a un Sitio que No es de Confianza que podr\u00eda causar una vulnerabilidad de openredirect que conduzca a un ataque de cross site scripting. Al proporcionar una entrada codificada en URL, los atacantes pueden hacer que la aplicaci\u00f3n web del software se redirija al dominio elegido despu\u00e9s de iniciar sesi\u00f3n correctamente."}], "id": "CVE-2023-5986", "lastModified": "2024-11-21T08:42:55.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "cybersecurity@se.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-15T04:15:19.487", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}