to execute arbitrary code remotely (RCE) on the SCM server
from List control, and execute the arbitrary code on the same
system where SCMArchivedEventViewerTool is installed in the
case of SCM Tools.
Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 30 Sep 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hitachienergy
Hitachienergy modular Advanced Control For Hvdc |
|
CPEs | cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:4.0:*:*:*:*:*:*:* | |
Vendors & Products |
Hitachienergy
Hitachienergy modular Advanced Control For Hvdc |
|
Metrics |
ssvc
|
Tue, 30 Sep 2025 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. | An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools. |
Metrics |
cvssV3_1
|
cvssV3_1
|

Status: PUBLISHED
Assigner: Hitachi Energy
Published:
Updated: 2025-09-30T13:44:45.565Z
Reserved: 2024-03-01T15:56:00.646Z
Link: CVE-2024-2097

Updated: 2024-08-01T19:03:38.825Z

Status : Awaiting Analysis
Published: 2024-03-27T03:15:12.290
Modified: 2025-09-30T13:15:47.543
Link: CVE-2024-2097

No data.

No data.