
Last Update: February 14, 2025
Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER and HVAC Energy Savings Program, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. Exploitation of these vulnerabilities requires user interaction, such as opening a malicious file.
CVE-2024-57963: Insecure Loading of DLLs
The flaw in USB-CONVERTERCABLE DRIVER exists.
CVSS:2.0 AV:N/AC:M/Au:N/C:P/I:P/A:P [6.8]
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H [7.3]
CWE-427: Uncontrolled Search Path Element
CVE-2024-57964: Insecure Loading of DLLs
The flaw in HVAC Energy Savings Program exists.
These vulnerabilities allow users to potentially disclose information or to execute arbitrary code on a vulnerable system.
The USB-CONVERTERCABLE DRIVER and HVAC Energy Savings Program has already reached End of Life (EOL) and is not supported anymore. Hitachi recommends that this product be retired.
Sahil Shah and Shaurya reported these vulnerabilities.
Masato Terada (HIRT) and Naoko Ohnishi (HIRT)