VDB

CVE-2024-0400

CVE-2024-0400 PUBLISHED CVSS 7.5 HIGH

SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability.

EPSS 0.26% · 49.5th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.26%
49.5th percentile

Affected Products

VendorProductVersions
hitachi_energymach_scm4.0, 4.0
Hitachi EnergyMACH SCM4.0, 4.0

Exploit Intelligence

Timeline

  • Mar 27, 2024 EPSS Score
  • Mar 27, 2024 CVE Published
  • Apr 21, 2024 EPSS Score
  • May 17, 2024 EPSS Score
  • Jul 7, 2024 EPSS Score
  • Aug 1, 2024 EPSS Score
  • Aug 31, 2024 EPSS Score
  • Sep 25, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 21, 2024 EPSS Score
  • Dec 12, 2024 EPSS Score
  • Jan 6, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›