Skip to Main Content

Hitachi Logo
earth icon
    mail icon Contact Us
    Hitachi Global
    Hitachi Global

    hitachi-sec-2025-001 : Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER and HVAC Energy Savings Program

    Last Update: February 14, 2025

    1. Overview

    Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER and HVAC Energy Savings Program, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. Exploitation of these vulnerabilities requires user interaction, such as opening a malicious file.

    CVE-2024-57963: Insecure Loading of DLLs

    The flaw in USB-CONVERTERCABLE DRIVER exists.

     

    CVSS:2.0 AV:N/AC:M/Au:N/C:P/I:P/A:P [6.8]
    CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H [7.3]
    CWE-427: Uncontrolled Search Path Element

    CVE-2024-57964: Insecure Loading of DLLs

    The flaw in HVAC Energy Savings Program exists.

     

    CVSS:2.0 AV:N/AC:M/Au:N/C:P/I:P/A:P [6.8]
    CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H [7.3]
    CWE-427: Uncontrolled Search Path Element

    2. Affected Systems

    • Hitachi Industrial Equipment & Solutions America, LLC. USB-CONVERTERCABLE DRIVER
      cpe:2.3:a:hitachi:usb-convertercable-driver--54fb9a36-9a47-57a2-977d-2588be3790f8:*:*:*:*:*:*:*:*
    • Hitachi Industrial Equipment & Solutions America, LLC. HVAC Energy Saving Program
      cpe:2.3:a:hitachi:hvac-energy-savings-program--18751e96-672c-5129-a5fd-459ab65f2caf:*:*:*:*:*:*:*:*

    3. Impact

    These vulnerabilities allow users to potentially disclose information or to execute arbitrary code on a vulnerable system.

    4. Solution

    The USB-CONVERTERCABLE DRIVER and HVAC Energy Savings Program has already reached End of Life (EOL) and is not supported anymore. Hitachi recommends that this product be retired.

    5. References

    6. Credit

    Sahil Shah and Shaurya reported these vulnerabilities.

    7. Update history

    February 14, 2025

    • This webpage was newly created and published.

    Masato Terada (HIRT) and Naoko Ohnishi (HIRT)