CVE-2024-2097

CVSS 7.5 HIGHEPSS 0.5%CWE-94

An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Hitachi Energy · MACH SCM Server Hitachi Energy · MACH SCM Tools

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true