Cyber Posture

CVE-2024-57963

High

Published: 18 February 2025

Modified: 15 April 2026
CVSS Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57963 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in a Hitachi product (vendor inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002). The CVE is ranked at the 2.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Side-Loading (T1574.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Requires timely remediation of the insecure DLL loading flaw in the USB-CONVERTERCABLE DRIVER, directly preventing local attackers from disclosing information or executing arbitrary code.

prevent · detect

Verifies and monitors the integrity of the driver software and its dynamic link libraries to prevent or detect unauthorized modifications exploited via insecure loading.

prevent

Mandates the use of digitally signed components for the USB-CONVERTERCABLE DRIVER and its DLLs, blocking the loading of malicious or unsigned libraries through the vulnerable mechanism.

MITRE ATT&CK Enterprise Techniques [AI]

T1574.002 · DLL Side-Loading · Stealth
Adversaries may execute their own malicious payloads by side-loading DLLs.

Why these techniques?

Insecure DLL loading (CWE-427) directly maps to DLL Side-Loading for local arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Insecure Loading of Dynamic Link Libraries has been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. This issue affects USB-CONVERTERCABLE DRIVER:.

Deeper analysis [AI]

CVE-2024-57963 is an insecure loading of dynamic link libraries vulnerability (CWE-427) in the USB-CONVERTERCABLE DRIVER. It could allow local attackers to disclose sensitive information or execute arbitrary code on impacted systems. The vulnerability received a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

A local attacker with low privileges can exploit this vulnerability by leveraging the insecure DLL loading mechanism, though it requires user interaction to trigger. Successful exploitation could enable the attacker to disclose information from the system or execute arbitrary code with the privileges of the affected driver process, potentially leading to full system compromise if chained with other flaws.

For mitigation details, refer to the Hitachi security advisory at https://www.hitachi.com/hirt/hitachi-sec/2025/001.html, published alongside the CVE disclosure on 2025-02-18.

Details

CWE(s)

CWE-427 (Uncontrolled Search Path Element)

Affected Products

Hitachi (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-23755 · Shared CWE-427
CVE-2024-9493 · Shared CWE-427
CVE-2026-5397 · Shared CWE-427
CVE-2026-2713 · Shared CWE-427
CVE-2024-57426 · Shared CWE-427
CVE-2025-21127 · Shared CWE-427
CVE-2024-57964 · Shared CWE-427
CVE-2024-9498 · Shared CWE-427
CVE-2024-55543 · Shared CWE-427
CVE-2025-54519 · Shared CWE-427
