PatchSiren cyber security CVE debrief
CVE-2024-11797 Fuji Electric CVE debrief
CVE-2024-11797 is a high-severity buffer overflow vulnerability in Fuji Electric Monitouch V-SFT, an HMI (Human-Machine Interface) software used in industrial control systems. The flaw exists in the parsing of V8 files, where improper validation of user-supplied data can result in a write past the end of an allocated buffer. This vulnerability requires user interaction—specifically, the target must visit a malicious page or open a malicious file—to trigger exploitation. Successful exploitation allows remote attackers to execute arbitrary code in the context of the current process. The vulnerability was initially disclosed on December 3, 2024, and subsequently updated in April 2025 when Fuji Electric released a patched version.
- Vendor
- Fuji Electric
- Product
- Monitouch V-SFT
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-12-03
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-12-03
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Fuji Electric Monitouch V-SFT in industrial environments, including manufacturing, energy, and critical infrastructure sectors. Security teams responsible for OT/ICS asset protection, HMI workstation administrators, and industrial automation engineers should prioritize patching and defensive measures.
Technical summary
The vulnerability stems from insufficient bounds checking during V8 file parsing in Monitouch V-SFT. When processing a malformed V8 file, the application fails to validate user-supplied data lengths, permitting an out-of-bounds write on the heap or stack buffer. This memory corruption primitive can be leveraged to overwrite function pointers or return addresses, ultimately achieving arbitrary code execution within the context of the Monitouch V-SFT process. The attack vector is local/remote via user interaction (AV:L/AC:L/PR:N/UI:R), with high impact on confidentiality, integrity, and availability.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Fuji Electric Monitouch V-SFT to Version 6.2.6.0 or later, released in April 2025 to address this vulnerability.
- Implement strict file validation controls to block untrusted V8 files from entering operational environments.
- Deploy application whitelisting and endpoint protection on engineering workstations running Monitouch V-SFT.
- Restrict network access for HMI engineering systems and isolate them from untrusted networks.
- Train personnel to recognize and avoid opening files from untrusted sources, particularly V8 project files.
- Monitor for anomalous process behavior or unexpected code execution within Monitouch V-SFT processes.
Evidence notes
The vulnerability was initially published by CISA on December 3, 2024, as ICSA-24-338-05. An update (Update A) was issued on April 24, 2025, adding the release of Version 6.2.6.0 to the mitigation section. A subsequent revision on May 6, 2025, corrected typos. The affected product is Fuji Electric Monitouch V-SFT versions 6.2.3.0 and earlier.
Official resources
-
CVE-2024-11797 CVE record
CVE.org
-
CVE-2024-11797 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-12-03