Fuji Electric Monitouch V-SFT (Update A)
Status: Plan Patch
Score: 7.8
Source: ICS-CERT ICSA-24-151-02
Date: May 30, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Monitouch V-SFT versions below 6.2.3.0 contain type casting and buffer overflow vulnerabilities (CWE-843, CWE-121) that could allow an attacker with local access to execute arbitrary code. Exploitation requires user interaction, such as opening a malicious project file. These vulnerabilities are not remotely exploitable. Fuji Electric has released version 6.2.3.0 as a fix.
What this means
What could happen
An attacker with local access to a Monitouch V-SFT workstation could execute arbitrary code with the privileges of the logged-in user, potentially allowing modification of project configurations or engineering data used to control energy infrastructure.
Who's at risk
Energy sector operators (power utilities, generation plants) using Fuji Electric Monitouch V-SFT for SCADA/HMI engineering and configuration on workstations. Any user or contractor with physical or logical access to these workstations represents a potential attack path.
How it could be exploited
An attacker must have local access to a workstation running Monitouch V-SFT (version below 6.2.3.0). The vulnerabilities involve type casting errors (CWE-843) and buffer overflows (CWE-121) that could be triggered through user interaction—for example, opening a malicious project file or interacting with a compromised component. Once exploited, the attacker gains code execution in the context of the application.
Prerequisites
- Local access to a workstation running Monitouch V-SFT versions below 6.2.3.0
- User interaction required (e.g., opening a file or clicking a malicious link)
- No elevated privileges or credentials needed
Key points
- Local access only (not remotely exploitable)
- User interaction required
- No patch available in affected versions prior to 6.2.3.0
- Type casting and buffer overflow vulnerabilities
- Affects safety and control system configuration tools
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product           Affected Versions   Fix Status
Monitouch V-SFT   <6.2.3.0            6.2.3.0
Remediation & Mitigation
Do now
- HARDENING: Restrict physical and logical access to engineering workstations running Monitouch V-SFT; limit access to authorized personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Monitouch V-SFT to version 6.2.3.0 or later
Long-term hardening
- HARDENING: Implement network segmentation to isolate engineering workstations from business networks and the internet
- HARDENING: Use VPN for any required remote access to engineering workstations, and ensure VPN is kept current