PatchSiren cyber security CVE debrief
CVE-2024-11791 Fuji Electric CVE debrief
A stack-based buffer overflow vulnerability exists in Fuji Electric Monitouch V-SFT, an HMI (Human-Machine Interface) development software used in industrial control systems. The flaw occurs during parsing of V8C project files, where insufficient validation of user-supplied data length allows an attacker to overwrite the stack buffer. Successful exploitation requires user interaction—the target must open a malicious V8C file or visit a malicious page that triggers the vulnerable parsing routine. The vulnerability was disclosed by CISA on December 3, 2024, with an update published on May 6, 2025, that corrected documentation typos and confirmed vendor remediation availability. Fuji Electric released Monitouch V-SFT Version 6.2.6.0 in April 2025 to address this vulnerability.
- Vendor
- Fuji Electric
- Product
- Monitouch V-SFT
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-12-03
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-12-03
- Advisory updated
- 2025-05-06
Who should care
Industrial control system operators, OT security engineers, and manufacturing organizations using Fuji Electric Monitouch V-SFT for HMI development should prioritize this vulnerability. Organizations in critical infrastructure sectors—including energy, water, and manufacturing—relying on Monitouch HMI panels should ensure engineering workstations are patched promptly, as compromise of development environments could lead to deployment of malicious configurations to operational HMIs.
Technical summary
The vulnerability is a classic stack-based buffer overflow (CWE-121) in the V8C file parser component of Monitouch V-SFT. The parser fails to validate the length of user-supplied data before copying it to a fixed-size stack buffer. An attacker can craft a malicious V8C file with an oversized data field that triggers the overflow, overwriting return addresses or other stack variables to achieve arbitrary code execution within the context of the Monitouch V-SFT process. The attack vector is local (AV:L) with low attack complexity (AC:L), requiring user interaction (UI:R) but no privileges (PR:N). The confidentiality, integrity, and availability impacts are all rated high (C:H/I:H/A:H).
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Fuji Electric Monitouch V-SFT to Version 6.2.6.0 or later to remediate the stack-based buffer overflow vulnerability in V8C file parsing.
- Implement application whitelisting and restrict execution of Monitouch V-SFT to authorized users only, following CISA ICS recommended practices.
- Train operators and engineers to recognize and avoid opening unsolicited V8C project files or visiting untrusted websites that may host malicious content.
- Deploy network segmentation for engineering workstations running Monitouch V-SFT to limit lateral movement in case of compromise.
- Monitor for anomalous process behavior or unexpected network connections from Monitouch V-SFT processes as potential indicators of exploitation.
Evidence notes
The vulnerability description and remediation timeline are derived from CISA ICS Advisory ICSA-24-338-05 and its subsequent updates. The vendor fix (Version 6.2.6.0) was added in Update A (April 24, 2025) and confirmed in the May 6, 2025 revision. CVSS 3.1 vector confirms local attack vector with user interaction required.
Official resources
-
CVE-2024-11791 CVE record
CVE.org
-
CVE-2024-11791 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-12-03