PatchSiren cyber security CVE debrief
CVE-2024-11789 Fuji Electric CVE debrief
A stack-based buffer overflow vulnerability exists in Fuji Electric Monitouch V-SFT, an HMI (Human-Machine Interface) development software used in industrial control systems. The flaw occurs during parsing of V10 project files, where insufficient validation of user-supplied data length allows an attacker to overwrite the stack buffer. Successful exploitation requires user interaction—the target must open a malicious V10 file or visit a malicious page that triggers the vulnerable code path. The vulnerability was disclosed by CISA on December 3, 2024, with an update published on April 24, 2025, confirming vendor fix availability, and a final revision on May 6, 2025. The vendor released Monitouch V-SFT Version 6.2.6.0 in April 2025 to address this vulnerability.
- Vendor
- Fuji Electric
- Product
- Monitouch V-SFT
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-12-03
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-12-03
- Advisory updated
- 2025-05-06
Who should care
Industrial control system engineers, OT security teams, manufacturing security operations, and organizations using Fuji Electric Monitouch HMI systems in production environments should prioritize this vulnerability. The software is used to develop and maintain operator interfaces for industrial processes, making it a high-value target for supply chain and initial access attacks against critical infrastructure.
Technical summary
The vulnerability exists in the V10 file parser of Fuji Electric Monitouch V-SFT, where user-supplied data length is not properly validated before being copied to a stack-based buffer. This classic stack buffer overflow condition allows an attacker to corrupt the stack, hijack execution flow, and achieve arbitrary code execution within the context of the current process. The attack vector is local (AV:L) with required user interaction (UI:R), meaning the attacker must convince a user to open a crafted V10 file. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability once the vulnerability is triggered.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Fuji Electric Monitouch V-SFT to Version 6.2.6.0 or later, released April 2025
- Implement application whitelisting to prevent execution of unauthorized V-SFT instances
- Train operators to avoid opening V10 files from untrusted sources
- Deploy endpoint protection with behavioral monitoring for HMI engineering workstations
- Segment HMI development systems from operational networks
- Maintain offline backups of critical V-SFT project files
Evidence notes
CISA ICS Advisory ICSA-24-338-05 published December 3, 2024, documents this vulnerability in Fuji Electric Monitouch V-SFT versions 6.2.3.0 and earlier. The advisory was updated on April 24, 2025 (Update A) to add the release of Version 6.2.6.0 to the mitigation section, and revised on May 6, 2025, for typo corrections. The vulnerability is a stack-based buffer overflow in V10 file parsing due to missing length validation.
Official resources
-
CVE-2024-11789 CVE record
CVE.org
-
CVE-2024-11789 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-12-03