Lucene search

[email protected]CVE-2023-5987

HistoryNov 15, 2023 - 4:15 a.m.

CVE-2023-5987

2023-11-1504:15:19

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-5987

cwe-79

cross-site scripting

xss

web security

input validation

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
vulnerability that could cause a vulnerability leading to a cross site scripting condition where
attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing
the injected payload.

Affected configurations

NVD

Node

schneider-electricecostruxure_power_monitoring_expertMatch2020-

schneider-electricecostruxure_power_monitoring_expertMatch2020cumulative_update_1

schneider-electricecostruxure_power_monitoring_expertMatch2020cumulative_update_2

schneider-electricecostruxure_power_monitoring_expertMatch2021-

schneider-electricecostruxure_power_monitoring_expertMatch2021cumulative_update_1

CPENameOperatorVersion
schneider-electric:ecostruxure_power_monitoring_expertschneider-electric ecostruxure power monitoring experteq2020
schneider-electric:ecostruxure_power_monitoring_expertschneider-electric ecostruxure power monitoring experteq2021

CPE	Name	Operator	Version
schneider-electric:ecostruxure_power_monitoring_expert	schneider-electric ecostruxure power monitoring expert	eq	2020
schneider-electric:ecostruxure_power_monitoring_expert	schneider-electric ecostruxure power monitoring expert	eq	2021

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Monitoring Expert (PME)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Version 2020 CU2 and prior"
      },
      {
        "status": "affected",
        "version": "Version 2021 CU1 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"
      },
      {
        "status": "affected",
        "version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-5987

prion1 cvelist1 nvd1