Malicious Client Can Execute Arbitrary Code Remotely via LINQ Query
CVE-2024-2097

7.5HIGH

Key Information:

Vendor: Hitachi
Status: Mach Scm
Vendor: CVE Published:; 27 March 2024

Summary

A vulnerability exists in Hitachi Energy's SCM Server where an authenticated malicious client can exploit the system by executing specially crafted LINQ queries. This action allows the user to perform remote code execution, leading to potential manipulation of server operations and unauthorized access to sensitive information. Without proper safeguards, this vulnerability poses a significant risk to organizations using the affected SCM Server versions.

Affected Version(s)

MACH SCM 4.0 <= 4.38

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 1, 2024