PT-2023-6877 · Schneider Electric · EcoStruxure Power Monitoring Expert, EcoStruxure PowerOperation, EcoStruxure PowerSCADA Operation

Published: 2023-11-14 · Updated: 2023-11-30 · CVE-2023-5986

CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions

EcoStruxure PowerSCADA Operation (PSO) - Advanced Reporting and Dashboards Module (affected versions not specified)
EcoStruxure PowerOperation (EPO) - Advanced Reporting and Dashboards Module (affected versions not specified)
EcoStruxure Power Monitoring Expert (affected versions not specified)
Description

A URL redirection to an untrusted site (open redirect) issue exists, potentially leading to a cross-site scripting attack. By supplying a URL-encoded value as the post-login redirect target, a remote attacker can make the web application send the browser to a domain of the attacker's choosing once the user has successfully logged in. The victim therefore arrives on an attacker-controlled page immediately after authenticating to what looked like a legitimate login link, which is what makes follow-on phishing or script injection credible.
Recommendations

At the time of writing there is no information about a newer version that contains a fix for this vulnerability. Until one is available:

For EcoStruxure PowerSCADA Operation (PSO) - Advanced Reporting and Dashboards Module, consider disabling the post-login URL redirection feature if the deployment does not depend on it.

For EcoStruxure PowerOperation (EPO) - Advanced Reporting and Dashboards Module, restrict network and account access to the module to the users and hosts that need it, which limits who can be targeted with a crafted login link.

For EcoStruxure Power Monitoring Expert, note that the URL-encoded input is placed in the link by the attacker, not chosen by the legitimate user, so "avoiding URL-encoded inputs" is not a control the user can apply; instead treat any login link whose redirect parameter points off the application's own host as suspicious, and have operators reach the portal by its known address rather than by following links.

For any open redirect of this kind, the durable fix belongs on the server: accept only a relative path on the application's own origin as the post-login target, reject absolute URLs, protocol-relative targets ("//host") and backslash variants, and fall back to a fixed landing page otherwise.
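The following is an added example illustrating the description and the server-side recommendation above; it is not code from the affected products or from the advisory. The parameter name `returnUrl`, the host `pme.example.internal` and the sample inputs are assumptions made for the illustration. It shows the vulnerable pattern (trusting the decoded redirect parameter) beside a hardened check that also handles the URL-encoded, protocol-relative, backslash and double-encoded variants an attacker would try.

```python
"""Vulnerable vs. hardened handling of a post-login redirect parameter (added example)."""
from urllib.parse import unquote, urlsplit, urljoin

# Hypothetical values for illustration; the advisory names neither the parameter nor the host.
APP_ORIGIN = "https://pme.example.internal"
DEFAULT_LANDING = "/"
REDIRECT_PARAM = "returnUrl"


def vulnerable_redirect_target(raw_value: str) -> str:
    """Vulnerable pattern (CWE-601): decode the client-supplied value and
    send the browser there verbatim once login succeeds."""
    return unquote(raw_value)


def safe_redirect_target(raw_value, app_origin=APP_ORIGIN, default=DEFAULT_LANDING):
    """Return a redirect target that stays on app_origin, or the default.

    raw_value is the query-string value as received (still URL-encoded); the
    single unquote() below stands in for the framework's own decoding, so the
    checks run on what the browser will actually be sent.
    """
    if not raw_value:
        return default
    candidate = unquote(raw_value)

    # Backslashes and control characters are normalised by some browsers
    # ("/\\evil.example" is treated like "//evil.example"); refuse them outright.
    if any(ch in candidate for ch in "\\\r\n\t\x00"):
        return default

    parts = urlsplit(candidate)
    # Any scheme ("https:", "javascript:") or authority ("//evil.example")
    # means the target is not a path on this application.
    if parts.scheme or parts.netloc:
        return default
    # Require an absolute path on this origin; "//" and "///" forms are
    # protocol-relative to a browser even where urlsplit reports no netloc.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default

    # Resolve against the origin and confirm the host did not change.
    resolved = urlsplit(urljoin(app_origin, candidate))
    if resolved.netloc != urlsplit(app_origin).netloc:
        return default
    return candidate


def location_after_login(query_params: dict) -> str:
    """Location header value to emit after a successful login."""
    return safe_redirect_target(query_params.get(REDIRECT_PARAM))


# Constructed sample inputs, as an attacker might place them in a login link.
SAMPLES = [
    "/reports/dashboard?id=3",       # legitimate relative path: accepted
    "%2F%2Fevil.example%2Flogin",    # encoded "//evil.example/login": rejected
    "https://evil.example/",         # absolute URL: rejected
    "/\\evil.example",               # backslash variant: rejected
    "javascript:alert(1)",           # scheme smuggling: rejected
    "%252F%252Fevil.example",        # double-encoded: survives one decode, still rejected
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} vulnerable -> {vulnerable_redirect_target(s)!r:26} "
              f"hardened -> {safe_redirect_target(s)!r}")
```

The hardened check deliberately decodes exactly once, as a web framework would, and validates the decoded form: validating the raw `%2F%2F...` string instead would pass a value that the browser later follows to another host. Anything that is not a plain absolute path on the application's own origin falls back to the fixed landing page rather than being "cleaned up".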

Weakness Enumeration

Open Redirect (CWE-601: URL Redirection to Untrusted Site)

Related Identifiers

BDU:2023-07892
CVE-2023-5986

Affected Products

EcoStruxure Power Monitoring Expert
EcoStruxure PowerOperation
EcoStruxure PowerSCADA Operation