CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2097
https://notcve.org/view.php?id=CVE-2024-2097
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. El cliente de control de lista autenticado puede ejecutar la consulta LINQ en el servidor SCM para presentar el evento como una lista para el operador. Un cliente malicioso autenticado puede enviar una consulta LINQ especial para ejecutar código arbitrario de forma remota (RCE) en el servidor SCM para lo cual, de otro modo, un atacante no tendría autorización. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0400
https://notcve.org/view.php?id=CVE-2024-0400
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability. El software SCM es una aplicación cliente y servidor. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •