Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program by Hitachi
CVE-2024-57964

7.3HIGH

Key Information:

Vendor: Hitachi
Status: Hvac Energy Saving Program
Vendor: CVE Published:; 18 February 2025

Summary

A vulnerability has been identified in Hitachi's HVAC Energy Saving Program, where the insecure loading of dynamic link libraries could potentially permit local attackers to access sensitive information or execute arbitrary code within affected systems. This vulnerability poses a significant risk to system integrity and confidentiality in environments utilizing this program. Proper remediation is essential to safeguard against unauthorized access and exploit attempts.

Affected Version(s)

HVAC Energy Saving Program 0

References

https://www.hitachi.com/hirt/hitachi-sec/2025/001.html

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Jan 29, 2025

Credit

Sahil Shah

Shaurya