CVE-2024-2097

Summary

An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyMACH SCM Server4.0 <= 4.38.3affected
Hitachi EnergyMACH SCM Tools1.0 <= 1.8affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References