PatchSiren cyber security CVE debrief
CVE-2024-2097 Hitachi Energy CVE debrief
CVE-2024-2097 is a high-severity remote code execution vulnerability in Hitachi Energy MACH SCM and MACH SCM Tools, published on March 26, 2024. An authenticated attacker can craft a malicious LINQ query through the List control interface to execute arbitrary code on the SCM server. For SCM Tools installations, the same attack vector allows code execution on systems where SCMArchivedEventViewerTool is deployed. The vulnerability requires authentication and has high attack complexity, but successful exploitation grants complete system compromise (confidentiality, integrity, and availability impacts). The affected products include MACH SCM versions 4.0 through 4.38.3 and MACH SCM Tools versions 1.8 and prior. Vendor fixes are available: MACH SCM should be upgraded to version 4.38.4, and MACH SCM Tools should be upgraded to version 1.9. The advisory was updated on September 30, 2025 to expand affected version ranges and refine CVSS scoring for SCM Tools.
- Vendor
- Hitachi Energy
- Product
- MACH SCM
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-03-26
- Original CVE updated
- 2025-09-30
- Advisory published
- 2024-03-26
- Advisory updated
- 2025-09-30
Who should care
Organizations operating Hitachi Energy MACH SCM systems in critical infrastructure environments, including electric utilities, manufacturing facilities, and industrial automation deployments. Security teams responsible for OT/ICS asset management and patch coordination should prioritize this vulnerability due to the authenticated RCE capability and potential for complete system compromise.
Technical summary
The vulnerability exists in the List control component of MACH SCM, where insufficient input validation on LINQ queries allows authenticated users to inject and execute arbitrary code. The attack surface extends to SCM Tools installations through the SCMArchivedEventViewerTool component. The CVSS 3.1 score of 7.5 (High) reflects the significant impact despite requiring authentication and high attack complexity. The network attack vector and complete system compromise potential make this a critical patching priority for OT environments.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade MACH SCM to version 4.38.4 or later
- Upgrade MACH SCM Tools to version 1.9 or later
- Apply general mitigation factors per vendor guidance if immediate patching is not feasible
- Review and restrict access to List control functionality to authorized users only
- Monitor for anomalous LINQ query patterns in SCM server logs
- Implement network segmentation to limit SCM server exposure
- Apply CISA ICS recommended practices for defense-in-depth
Evidence notes
Vulnerability description and affected product versions derived from CISA CSAF advisory ICSA-24-116-02. CVSS 3.1 vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H confirms network-based attack with authentication required. Remediation guidance specifies exact fixed versions.
Official resources
-
CVE-2024-2097 CVE record
CVE.org
-
CVE-2024-2097 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-03-26