CVE-2023-5986
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-5986
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schneider Electric EcoStruxure Power Monitoring Expert 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric EcoStruxure Power Monitoring Expert是法国施耐德电气(Schneider Electric)公司的一个用于物联网环境中进行配电监控的设备。 Schneider Electric EcoStruxure Power Monitoring Expert存在安全漏洞,该漏洞源于存在重定向漏洞,可能会导致跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert (PME) | Version 2020 CU2 and prior | - | |
| Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module | Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021 | - | |
| Schneider Electric | EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module | EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2 | - |
II. Public POCs for CVE-2023-5986
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-5986
请登录查看更多情报信息。
Same Patch Batch · Schneider Electric · 2023-11-15 · 5 CVEs total
| CVE-2023-5984 | 7.2 HIGH | Schneider Electric ION8650和ION8800 安全漏洞 |
| CVE-2023-5987 | 6.1 MEDIUM | Schneider Electric EcoStruxure Power Monitoring Expert 安全漏洞 |
| CVE-2023-6032 | 5.3 MEDIUM | Schneider Electric Galaxy VS和Schneider Electric Galaxy VL 安全漏洞 |
| CVE-2023-5985 | 4.8 MEDIUM | Schneider Electric ION8650和ION8800 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: Schneider Electric
- CVE-2026-6332
Clear Text Storage of Sensitive Information on EcoStruxure™ - CVE-2026-6866
Initialization of a Resource with an Insecure Default vulner - CVE-2026-6865
Improper Limitation of a Pathname to a Restricted Directory - CVE-2026-4827
Insufficient Entropy vulnerability on Multiple Products - CVE-2026-2401
Schneider Electric PowerChute Serial Shutdown 日志信息泄露漏洞
Same weakness: CWE-601
- CVE-2026-42207
Magento LTS: Open Redirect via Unvalidated `uenc` Parameter - CVE-2026-44427
MCP Registry: Open Redirect - CVE-2026-44520
Docling-Graph: SSRF via Missing Internal IP Validation in UR - CVE-2026-45448
ntopng - CWE-601: URL Redirection to Untrusted Site ('Open R - CVE-2026-44503
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Author
V. Comments for CVE-2023-5986
No comments yet