CVE-2024-2097 HIGH

CVE-2024-2097

Vendor Hitachi Energy
Product MACH SCM Server
Published March 27, 2024
Last update October 21, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.

Key dates

02Disclosure timeline

March 27, 2024 CVE published
October 21, 2025 Record updated