VDB
ICSA-24-116-02
ICSA-24-116-02
PUBLISHED
CVSS 7.5 HIGH
Hitachi Energy is aware of LINQ query related vulnerabilities that affect MACH SCM product versions listed below. Authenticated malicious clients successfully exploiting these vulnerabilities could execute arbitrary code that an attacker otherwise does not have authorization to do. Please refer to the Recommended Immediate Actions for information about mitigation and remediation.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MACH SCM Tools versions 1.8 and prior | ||
| MACH SCM versions 4.0 to 4.5 | ||
| MACH SCM versions 4.6 to 4.38.3 |
Timeline
- Mar 26, 2024 CVE Published
- Sep 30, 2025 CVE Updated
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-116-02.json advisory
- https://publisher.hitachienergy.com/preview?DocumentID=8DBD000189&LanguageCode=en&DocumentPartId=&Action=launch advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-116-02 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url