All the vulnerabilites related to Hitachi Energy - MACH SCM Server
cve-2024-2097
Vulnerability from cvelistv5
Published
2024-03-27 02:26
Modified
2025-09-30 13:44
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
An authenticated malicious client can send a special LINQ query
to execute arbitrary code remotely (RCE) on the SCM server
from List control, and execute the arbitrary code on the same
system where SCMArchivedEventViewerTool is installed in the
case of SCM Tools.
References
| ▼ | URL | Tags |
|---|---|---|
| https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Hitachi Energy | MACH SCM Server | |
| Hitachi Energy | MACH SCM Tools |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "modular_advanced_control_for_hvdc",
"vendor": "hitachienergy",
"versions": [
{
"lessThanOrEqual": "4.38",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:47:19.350980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:44:45.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MACH SCM Server",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "4.38.3",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MACH SCM Tools",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."
}
],
"value": "An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "MACH SCM Server"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "MACH SCM Tools"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T12:31:18.779Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2097",
"datePublished": "2024-03-27T02:26:17.338Z",
"dateReserved": "2024-03-01T15:56:00.646Z",
"dateUpdated": "2025-09-30T13:44:45.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}