{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2097","assignerOrgId":"e383dce4-0c27-4495-91c4-0db157728d17","state":"PUBLISHED","assignerShortName":"Hitachi Energy","dateReserved":"2024-03-01T15:56:00.646Z","datePublished":"2024-03-27T02:26:17.338Z","dateUpdated":"2025-10-21T14:15:32.191Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"MACH SCM Server","vendor":"Hitachi Energy","versions":[{"lessThanOrEqual":"4.38.3","status":"affected","version":"4.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"MACH SCM Tools","vendor":"Hitachi Energy","versions":[{"lessThanOrEqual":"1.8","status":"affected","version":"1.0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."}],"value":"An authenticated malicious client can send a special LINQ query\nto execute arbitrary code remotely (RCE) on the SCM server\nfrom List control, and execute the arbitrary code on the same\nsystem where SCMArchivedEventViewerTool is installed in the\ncase of SCM Tools."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"MACH SCM Server"}]},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"MACH SCM Tools"}]}],"providerMetadata":{"orgId":"e383dce4-0c27-4495-91c4-0db157728d17","shortName":"Hitachi Energy","dateUpdated":"2025-10-16T08:03:51.973Z"},"references":[{"tags":["vendor-advisory"],"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:03:38.825Z"},"title":"CVE Program Container","references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}],"affected":[{"vendor":"hitachienergy","product":"modular_advanced_control_for_hvdc","cpes":["cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:4.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"4.0","status":"affected","lessThanOrEqual":"4.38","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-02T15:47:19.350980Z","id":"CVE-2024-2097","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T14:15:32.191Z"}}]}}