CVE-2024-2097

CVSS 7.5 HIGHEPSS 0.5%CWE-94

An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Hitachi Energy · MACH SCM Server Hitachi Energy · MACH SCM Tools

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true