CVE-2024-0400 HIGH

CVE-2024-0400

Vendor Hitachi Energy
Product MACH SCM
Weakness CWE-94 · Code injection
Published March 27, 2024
Last update October 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability.

Key dates

02Disclosure timeline

March 27, 2024 CVE published
October 16, 2025 Record updated