Details of VAR-202311-0697

ID

VAR-202311-0697

CVE

CVE-2023-5986

TITLE

Schneider Electric EcoStruxure Power Monitoring Expert Open Redirection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-13562

DESCRIPTION

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. Schneider Electric EcoStruxure Power Monitoring Expert is a device developed by Schneider Electric for power distribution monitoring in IoT environments. Schneider Electric EcoStruxure Power Monitoring Expert has an open redirection vulnerability. The vulnerability is caused by the system not properly handling the target jump. Attackers can use this vulnerability to redirect users to malicious websites for phishing and other attacks

Trust: 1.53

sources: NVD: CVE-2023-5986 // CNVD: CNVD-2024-13562 // VULMON: CVE-2023-5986

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-13562

AFFECTED PRODUCTS

vendor:	schneider electric	model:	ecostruxure power monitoring expert	scope:	eq	version:	2021	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure power monitoring expert	scope:	eq	version:	2020	Trust: 1.0
vendor:	schneider	model:	electric ecostruxure power monitoring expert cu2	scope:	lte	version:	<=2020	Trust: 0.6
vendor:	schneider	model:	electric ecostruxure power monitoring expert cu1	scope:	lte	version:	<=2021	Trust: 0.6

sources: CNVD: CNVD-2024-13562 // NVD: CVE-2023-5986

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-5986
value:	MEDIUM
Trust: 1.0
cybersecurity@se.com:	CVE-2023-5986
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-13562
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-13562
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-5986
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
cybersecurity@se.com:	CVE-2023-5986
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-13562 // NVD: CVE-2023-5986 // NVD: CVE-2023-5986

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.0

sources: NVD: CVE-2023-5986

PATCH

title:

Patch for Schneider Electric EcoStruxure Power Monitoring Expert Open Redirection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/533646

Trust: 0.6

sources: CNVD: CNVD-2024-13562

EXTERNAL IDS

db:	NVD	id:	CVE-2023-5986	Trust: 1.7
db:	SCHNEIDER	id:	SEVD-2023-318-02	Trust: 1.1
db:	CNVD	id:	CNVD-2024-13562	Trust: 0.6
db:	VULMON	id:	CVE-2023-5986	Trust: 0.1

sources: CNVD: CNVD-2024-13562 // VULMON: CVE-2023-5986 // NVD: CVE-2023-5986

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-318-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-318-02.pdf	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-5986	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2024-13562 // VULMON: CVE-2023-5986 // NVD: CVE-2023-5986

SOURCES

db:	CNVD	id:	CNVD-2024-13562
db:	VULMON	id:	CVE-2023-5986
db:	NVD	id:	CVE-2023-5986

LAST UPDATE DATE

2025-03-13T23:02:11.797000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-13562	date:	2024-03-15T00:00:00
db:	VULMON	id:	CVE-2023-5986	date:	2023-11-15T00:00:00
db:	NVD	id:	CVE-2023-5986	date:	2023-11-30T15:24:25.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-13562	date:	2024-03-15T00:00:00
db:	VULMON	id:	CVE-2023-5986	date:	2023-11-15T00:00:00
db:	NVD	id:	CVE-2023-5986	date:	2023-11-15T04:15:19.487