CVE-2024-0400 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-0400 PUBLISHED CVSS 7.5 HIGH

SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability.

EPSS 0.26% · 49.1th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.26%

49.1th percentile

Affected Products

Vendor	Product	Versions
hitachi_energy	mach_scm	4.0
Hitachi Energy	MACH SCM	4.0

Timeline

Mar 27, 2024 EPSS Score
Mar 27, 2024 CVE Published
Apr 21, 2024 EPSS Score
May 16, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Jul 30, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Sep 22, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 16, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 31, 2024 EPSS Score

References

Open in Interactive Console →