Cyber Posture

CVE-2024-9493

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0008 22.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9493 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002); ranked at the 22.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Side-Loading (T1574.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the DLL hijacking flaw in the ToolStick installer by requiring timely patching per Silicon Labs advisory, eliminating the uncontrolled search path vulnerability.

CM-14 Signed Components good match
prevent

Enforces digital signing and validation of software components including DLLs, preventing the installer from loading malicious unsigned DLLs placed in the search path.

SI-3 Malicious Code Protection partial match
preventdetect

Deploys malicious code protection to scan and block attacker-placed malicious DLLs in directories searched by the ToolStick installer.

MITRE ATT&CK Enterprise TechniquesAI

T1574.002 DLL Side-Loading Stealth
Adversaries may execute their own malicious payloads by side-loading DLLs.
attack.mitre.org →
Why these techniques?

Direct match to DLL side-loading via uncontrolled search path in installer executable, enabling malicious DLL load on user execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Deeper analysisAI

CVE-2024-9493 is a DLL hijacking vulnerability stemming from an uncontrolled search path (CWE-427) in the ToolStick installer from Silicon Labs. This flaw affects users running the impacted installer, enabling malicious DLL loading during execution. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with local access and user interaction.

A local attacker with no required privileges can exploit this by placing a malicious DLL in a directory included in the installer's search path. When a user runs the ToolStick installer, it loads the attacker's DLL instead of the legitimate one, resulting in privilege escalation and arbitrary code execution with the installer's privileges.

Silicon Labs has published an advisory on their community site (https://community.silabs.com/068Vm00000JUQwd) addressing the issue, with details on mitigations for affected ToolStick installer versions.

Details

CWE(s)
CWE-427

Affected Products

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-23755Shared CWE-427
CVE-2026-5397Shared CWE-427
CVE-2026-2713Shared CWE-427
CVE-2024-57426Shared CWE-427
CVE-2024-57963Shared CWE-427
CVE-2025-21127Shared CWE-427
CVE-2024-57964Shared CWE-427
CVE-2024-9498Shared CWE-427
CVE-2024-55543Shared CWE-427
CVE-2025-54519Shared CWE-427

References