PatchSiren cyber security CVE debrief
CVE-2024-11795 Fuji Electric CVE debrief
A stack-based buffer overflow vulnerability exists in Fuji Electric Monitouch V-SFT, an industrial control system (ICS) software used for programming human-machine interfaces (HMIs). The flaw resides in the parsing of V8 project files, where insufficient validation of user-supplied data length allows an attacker to overwrite the stack buffer. Successful exploitation requires user interaction—the target must open a malicious V8 file or visit a malicious page that triggers the vulnerable parser. The vulnerability was disclosed by CISA on December 3, 2024, with an update published on April 24, 2025, confirming vendor patch availability. Fuji Electric released Monitouch V-SFT Version 6.2.6.0 in April 2025 to remediate this issue. The CVSS 3.1 score of 7.8 (HIGH) reflects local attack vector with low complexity, no privileges required, but user interaction needed, resulting in high impact to confidentiality, integrity, and availability. Organizations using affected versions (6.2.3.0 and earlier) should prioritize upgrading to 6.2.6.0 and implement defense-in-depth controls for ICS environments, including network segmentation, restricted file handling policies, and user awareness training on suspicious file sources.
- Vendor
- Fuji Electric
- Product
- Monitouch V-SFT
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-12-03
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-12-03
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Fuji Electric Monitouch HMI systems in manufacturing, energy, water treatment, and other industrial sectors; ICS security teams responsible for engineering workstation protection; OT asset owners managing HMI development environments; compliance officers tracking CISA ICS advisory coverage for critical infrastructure risk management.
Technical summary
The vulnerability exists in the V8 file parser component of Fuji Electric Monitouch V-SFT, where a missing length check on user-supplied data enables a stack-based buffer overflow. When a crafted V8 file is opened, excessive data is copied to a fixed-size stack buffer, overwriting return addresses and enabling arbitrary code execution within the context of the current process. The attack requires local user interaction but no privileges, making it suitable for social engineering scenarios targeting ICS engineers. The vendor has addressed this with a patched release in April 2025.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Fuji Electric Monitouch V-SFT to Version 6.2.6.0 or later to remediate the stack-based buffer overflow vulnerability in V8 file parsing
- Implement network segmentation for ICS/OT environments to limit exposure of HMI programming workstations
- Establish and enforce policies restricting the opening of V8 project files from untrusted or unverified sources
- Deploy application whitelisting on engineering workstations to prevent execution of unauthorized code
- Conduct user awareness training for engineers and operators on recognizing and avoiding malicious file attachments and suspicious download sources
- Monitor for anomalous process execution within Monitouch V-SFT contexts as potential exploitation indicators
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control system environments
Evidence notes
Vulnerability disclosed via CISA ICS advisory ICSA-24-338-05 on December 3, 2024. Update A published April 24, 2025, added vendor fix information. Revision published May 6, 2025, for typo corrections. Vendor fix confirmed: Fuji Electric Monitouch V-SFT Version 6.2.6.0 released April 2025.
Official resources
-
CVE-2024-11795 CVE record
CVE.org
-
CVE-2024-11795 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-12-03