CVE-2024-11787 Fuji Electric CVE debrief

Who should care

Industrial operators using Fuji Electric Monitouch V-SFT for HMI/SCADA applications; OT security teams; asset owners in manufacturing, energy, and critical infrastructure sectors

Technical summary

The vulnerability exists in the V10 file parsing component of Monitouch V-SFT. When processing a crafted V10 file, the application fails to validate the length of user-supplied data before copying it to a stack-based buffer. This classic stack buffer overflow condition allows an attacker to overwrite the return address and achieve arbitrary code execution in the context of the current process. The attack vector requires local access (AV:L) with user interaction (UI:R) to open the malicious file.

Defensive priority

HIGH

Recommended defensive actions

• Upgrade Fuji Electric Monitouch V-SFT to version 6.2.6.0 or later, released April 2025
• Implement application whitelisting to prevent execution of untrusted V10 files
• Train operators to avoid opening V10 files from untrusted sources
• Apply defense-in-depth strategies for industrial control systems per CISA guidance
• Segment OT networks to limit lateral movement if compromise occurs

Evidence notes

CISA published advisory ICSA-24-338-05 on 2024-12-03 with initial disclosure. Update A was released on 2025-04-24 adding version 6.2.6.0 to mitigations. A revision on 2025-05-06 corrected typos.

Official resources