Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for MACH SCM Server by Hitachi Energy

    CVE-2024-2097 (GCVE-0-2024-2097)

    Vulnerability from nvd – Published: 2024-03-27 02:26 – Updated: 2025-10-21 14:15
    VLAI
    Summary
    An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MACH SCM Server Affected: 4.0 , ≤ 4.38.3 (custom)
    Create a notification for this product.
    Hitachi Energy MACH SCM Tools Affected: 1.0 , ≤ 1.8 (custom)
    Create a notification for this product.
    hitachienergy modular_advanced_control_for_hvdc Affected: 4.0 , ≤ 4.38 (custom)
        cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:38.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "modular_advanced_control_for_hvdc",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "lessThanOrEqual": "4.38",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2097",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:47:19.350980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T14:15:32.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MACH SCM Server",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "4.38.3",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MACH SCM Tools",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "1.8",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."
                }
              ],
              "value": "An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MACH SCM Server"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MACH SCM Tools"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T08:03:51.973Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2097",
        "datePublished": "2024-03-27T02:26:17.338Z",
        "dateReserved": "2024-03-01T15:56:00.646Z",
        "dateUpdated": "2025-10-21T14:15:32.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2097 (GCVE-0-2024-2097)

    Vulnerability from cvelistv5 – Published: 2024-03-27 02:26 – Updated: 2025-10-21 14:15
    VLAI
    Summary
    An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy MACH SCM Server Affected: 4.0 , ≤ 4.38.3 (custom)
    Create a notification for this product.
    Hitachi Energy MACH SCM Tools Affected: 1.0 , ≤ 1.8 (custom)
    Create a notification for this product.
    hitachienergy modular_advanced_control_for_hvdc Affected: 4.0 , ≤ 4.38 (custom)
        cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:38.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "modular_advanced_control_for_hvdc",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "lessThanOrEqual": "4.38",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2097",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:47:19.350980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T14:15:32.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MACH SCM Server",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "4.38.3",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MACH SCM Tools",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "1.8",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."
                }
              ],
              "value": "An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MACH SCM Server"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "MACH SCM Tools"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T08:03:51.973Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2097",
        "datePublished": "2024-03-27T02:26:17.338Z",
        "dateReserved": "2024-03-01T15:56:00.646Z",
        "dateUpdated": "2025-10-21T14:15:32.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }