ID
VAR-202311-0697
CVE
CVE-2023-5986
TITLE
Open redirect vulnerability in Schneider Electric EcoStruxure Power Monitoring Expert
Trust: 0.6
DESCRIPTION
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric of France for power distribution monitoring in an IoT environment. Schneider Electric EcoStruxure Power Monitoring Expert has an open redirect vulnerability. This vulnerability is caused by the system not properly handling target jumps. Attackers can use this vulnerability to redirect users to malicious websites for phishing and other attacks
Trust: 1.53
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | schneider electric | model: | ecostruxure power monitoring expert | scope: | eq | version: | 2021 | Trust: 1.0 |
| vendor: | schneider electric | model: | ecostruxure power monitoring expert | scope: | eq | version: | 2020 | Trust: 1.0 |
| vendor: | schneider | model: | electric ecostruxure power monitoring expert cu2 | scope: | lte | version: | <=2020 | Trust: 0.6 |
| vendor: | schneider | model: | electric ecostruxure power monitoring expert cu1 | scope: | lte | version: | <=2021 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-601 | Trust: 1.0 |
PATCH
| title: | Patch for Open redirect vulnerability in Schneider Electric EcoStruxure Power Monitoring Expert | url: | https://www.cnvd.org.cn/patchInfo/show/533646 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-5986 | Trust: 1.7 |
| db: | SCHNEIDER | id: | SEVD-2023-318-02 | Trust: 1.1 |
| db: | CNVD | id: | CNVD-2024-13562 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-5986 | Trust: 0.1 |
REFERENCES
| url: | https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-318-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-318-02.pdf | Trust: 1.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-5986 | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2024-13562 |
| db: | VULMON | id: | CVE-2023-5986 |
| db: | NVD | id: | CVE-2023-5986 |
LAST UPDATE DATE
2024-08-14T13:41:24.765000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-13562 | date: | 2024-03-15T00:00:00 |
| db: | VULMON | id: | CVE-2023-5986 | date: | 2023-11-15T00:00:00 |
| db: | NVD | id: | CVE-2023-5986 | date: | 2023-11-30T15:24:25.580 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-13562 | date: | 2024-03-15T00:00:00 |
| db: | VULMON | id: | CVE-2023-5986 | date: | 2023-11-15T00:00:00 |
| db: | NVD | id: | CVE-2023-5986 | date: | 2023-11-15T04:15:19.487 |