CVE-2024-47485

9.8 CRITICAL

📋 TL;DR

A CSV injection vulnerability in HikCentral Master Lite allows an attacker to embed cell content that spreadsheet software interprets as commands into CSV files handled by the product. When a user opens such a malicious file, those commands could execute on the user's system. This affects organizations using vulnerable HikCentral Master Lite versions.

💻 Affected Systems

Products:
  • HikCentral Master Lite
Versions: Specific versions not detailed in advisory; check vendor advisory for exact affected versions
Operating Systems: Windows-based systems running HikCentral Master Lite
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in CSV export/import functionality; requires user interaction to open malicious CSV files

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or ransomware deployment

🟠 Likely Case: Local code execution on user workstations when opening malicious CSV files, potentially leading to lateral movement

🟢 If Mitigated: Limited impact if proper file validation and user awareness prevent malicious file execution

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to get users to open malicious CSV files; no authentication bypass is needed once the file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-product-series/

Restart Required: Yes

Instructions:

1. Review the vendor advisory for affected versions.
2. Download and install the latest patched version from Hikvision.
3. Restart the HikCentral Master Lite service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable CSV Import/Export (platform: windows)

Temporarily disable CSV import/export functionality if not required. Configuration dependent: disable via application settings or restrict file permissions.

User Awareness Training (platform: all)

Train users not to open CSV files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized commands
  • Use network segmentation to isolate HikCentral systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check HikCentral Master Lite version against vendor advisory; test CSV import with safe test payloads

Check Version:

Check version in HikCentral Master Lite application interface or installation directory

Verify Fix Applied:

Verify installed version matches patched version from vendor advisory; test CSV import functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual CSV file imports
  • Suspicious command execution events in system logs

Network Indicators:

  • Unexpected outbound connections from HikCentral systems

SIEM Query:

source="HikCentral" AND (event="CSV_import" OR event="file_upload") AND suspicious_patterns
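The verification and detection guidance above asks for safe test payloads against the CSV import/export path and for watching unusual CSV imports. As an added example, not code from the advisory or from Hikvision, the Python below implements the two defender-side checks for this class of bug: it flags every cell in a CSV file that a spreadsheet would evaluate as a formula, and it neutralizes such cells before a file is re-exported. The sample CSV is constructed for the example and is not a product artifact.

```python
import csv
import io

# Leading characters a spreadsheet treats as the start of a formula; tab and
# CR/LF are included because some applications evaluate what follows them.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")


def is_formula_cell(value: str) -> bool:
    """True if a spreadsheet would evaluate the cell rather than display it.
    Leading spaces are skipped, so "-5" is flagged too (conservative for exports)."""
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value: str) -> str:
    """Prefix a formula-looking cell with an apostrophe so it stays text."""
    return "'" + value if is_formula_cell(value) else value


def scan_csv(text: str) -> list[tuple[int, int, str]]:
    """Return (row, column, value) for every cell that would be evaluated (1-based)."""
    findings = []
    for row_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for col_no, cell in enumerate(row, start=1):
            if is_formula_cell(cell):
                findings.append((row_no, col_no, cell))
    return findings


def sanitize_csv(text: str) -> str:
    """Rewrite a CSV with every cell neutralized and quoted, safe to hand to a spreadsheet."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(text)):
        writer.writerow([neutralize_cell(cell) for cell in row])
    return out.getvalue()


# Constructed sample export: three of the five rows carry formula-looking cells.
SAMPLE_EXPORT = (
    "name,department,note\n"
    "Alice,Security,Badge renewed\n"
    '"=SUM(A1:A2)",Ops,looks like a formula\n'
    'Bob,Facilities,"@SUM(1,2)"\n'
    '"-2+3",IT,+1+1\n'
)

if __name__ == "__main__":
    print(scan_csv(SAMPLE_EXPORT))  # four findings, then a clean re-scan
    print(scan_csv(sanitize_csv(SAMPLE_EXPORT)))
```

Run `scan_csv` over files produced by the export feature or staged for import; a non-empty result on a file that should contain only names and notes is the kind of unusual CSV content the log indicators above refer to.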
