PatchSiren cyber security CVE debrief
CVE-2024-11794 Fuji Electric CVE debrief
A heap-based buffer overflow vulnerability in Fuji Electric Monitouch V-SFT allows remote attackers to execute arbitrary code when a user opens a malicious V10 project file. The flaw stems from insufficient validation of user-supplied data during V10 file parsing, enabling writes beyond allocated buffer boundaries. This vulnerability requires user interaction—specifically, the target must visit a malicious page or open a malicious file—to trigger exploitation. Successful exploitation grants code execution in the context of the current process. The vulnerability was disclosed on December 3, 2024, with an updated advisory published on May 6, 2025, confirming vendor remediation.
- Vendor
- Fuji Electric
- Product
- Monitouch V-SFT
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-12-03
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-12-03
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Fuji Electric Monitouch HMI systems in manufacturing, energy, water treatment, and other industrial sectors. Security teams responsible for OT/ICS asset management, patch management programs covering industrial software, and incident response teams handling potential targeted attacks against engineering workstations.
Technical summary
The vulnerability exists in the V10 file parsing component of Fuji Electric Monitouch V-SFT, a human-machine interface (HMI) programming software used in industrial control systems. Insufficient bounds checking during parsing allows attacker-controlled data to write past the end of an allocated heap buffer. This memory corruption can be leveraged to achieve arbitrary code execution within the context of the V-SFT process. The attack vector requires local access with user interaction (AV:L/UI:R per CVSS 3.1), typically through social engineering to entice a user into opening a crafted V10 project file. The vulnerability affects versions 6.2.3.0 and earlier; version 6.2.6.0 contains the vendor fix.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Fuji Electric Monitouch V-SFT to Version 6.2.6.0 or later to remediate this vulnerability.
- Restrict user permissions to prevent unauthorized installation or execution of software.
- Train users to avoid opening unsolicited V10 project files or visiting untrusted websites.
- Implement application whitelisting to prevent execution of unauthorized binaries.
- Deploy endpoint protection with behavioral monitoring to detect anomalous process behavior.
- Segment OT networks from enterprise IT networks to limit lateral movement if compromise occurs.
- Monitor for suspicious file access patterns involving V10 files from unexpected sources.
Evidence notes
CISA ICS Advisory ICSA-24-338-05 (Update A) documents this vulnerability as a buffer overflow in V10 file parsing with CVSS 3.1 score 7.8. The advisory was initially published December 3, 2024, with Update A released April 24, 2025, adding Version 6.2.6.0 to mitigations, and a revision on May 6, 2025. Vendor fix confirmed: Fuji Electric released Monitouch V-SFT Version 6.2.6.0 in April 2025.
Official resources
-
CVE-2024-11794 CVE record
CVE.org
-
CVE-2024-11794 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-12-03