CVE-2023-5987

Name of the Vulnerable Software and Affected Versions EcoStruxure PowerSCADA Operation (PSO) - Advanced Reporting and Dashboards Module versions (affected versions not specified) EcoStruxure PowerOperation (EPO) - Advanced Reporting and Dashboards Module versions (affected versions not specified) EcoStruxure Power Monitoring Expert versions (affected versions not specified)

Description The issue is related to the lack of protection of the web page structure, which can be exploited by a remote attacker to execute arbitrary JavaScript code. This can lead to a cross-site scripting condition where attackers can have a victim's browser run arbitrary JavaScript when they visit a page containing the injected payload.

Recommendations For EcoStruxure PowerSCADA Operation (PSO) - Advanced Reporting and Dashboards Module, consider disabling the execution of JavaScript code in the affected module until a patch is available. For EcoStruxure PowerOperation (EPO) - Advanced Reporting and Dashboards Module, restrict access to the vulnerable web pages to minimize the risk of exploitation. For EcoStruxure Power Monitoring Expert, avoid using the affected web pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.