CVE-2024-2097
HIGH
Hitachi Energy MACH SCM < 4.38.3 - Authenticated LINQ Code Execution
Title source: manual
Description
An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.
References (1)
Various Sources vendor-advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true
Scores
CVSS v3: 7.5
EPSS: 0.0046
EPSS Percentile: 36.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (2)
Hitachi Energy/MACH SCM Server: 4.0 - 4.38.3
Hitachi Energy/MACH SCM Tools: 1.0 - 1.8
Published: Mar 27, 2024
Tracked Since: Feb 18, 2026