CVE-2024-0400
HIGH
Hitachi Energy MACH SCM < 4.38 - Authenticated LINQ Code Execution
Title source: manual
Description
SCM Software is a client and server application. An authenticated System manager client can execute a LINQ query on the SCM server for customized filtering. An authenticated malicious client can send specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM server remotely. Malicious clients can execute any command by using this RCE vulnerability.
Scores
CVSS v3: 7.5
EPSS: 0.0063
EPSS Percentile: 45.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (1)
Hitachi Energy/MACH SCM: 4.0 - 4.38
Published: Mar 27, 2024
Tracked Since: Feb 18, 2026