Malicious Client Can Execute Arbitrary Code Remotely via LINQ Query
CVE-2024-2097

7.3HIGH

Key Information:

Vendor: Hitachi
Status: Mach Scm Server; Mach Scm Tools
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-2097?

A vulnerability exists in Hitachi Energy's SCM Server where an authenticated malicious client can exploit the system by executing specially crafted LINQ queries. This action allows the user to perform remote code execution, leading to potential manipulation of server operations and unauthorized access to sensitive information. Without proper safeguards, this vulnerability poses a significant risk to organizations using the affected SCM Server versions.

Affected Version(s)

MACH SCM Server 4.0 <= 4.38.3

MACH SCM Tools 1.0 <= 1.8

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

vendor-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 1, 2024

JSON