CVE-2024-57964
Published: 18 February 2025
Description
Insecure loading of dynamic link libraries has been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. This issue affects HVAC Energy Saving Program.
Security Summary
CVE-2024-57964 is an insecure dynamic link library loading vulnerability (CWE-427) in the HVAC Energy Saving Program. The flaw could allow local attackers to disclose sensitive information or execute arbitrary code on affected systems. It carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high impact potential despite requiring local access and user interaction.
A local attacker with low privileges can exploit this vulnerability through low-complexity means, provided the user interacts in some way, such as opening a malicious file or triggering the insecure DLL loading. Successful exploitation could result in high confidentiality, integrity, and availability impacts, including information disclosure or arbitrary code execution on the affected system.
Mitigation details are outlined in the advisory published by Hitachi at https://www.hitachi.com/hirt/hitachi-sec/2025/001.html, which was referenced alongside the CVE published on 2025-02-18. Security practitioners should consult this advisory for patching instructions or workarounds specific to the HVAC Energy Saving Program.
Details
- CWE(s)