Fuji Electric Monitouch V-SFT (Update A)

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-24-338-05 | Dec 3, 2024
Fuji Electric | Energy
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Fuji Electric Monitouch V-SFT versions 6.2.3.0 and earlier contain a buffer overflow vulnerability (CWE-787) that could be exploited by a local attacker through user interaction to crash the application or workstation. This vulnerability is not remotely exploitable. Fuji Electric released version 6.2.6.0 in April 2025 to address the issue.

What this means
What could happen
An attacker with local access to the Monitouch V-SFT engineering workstation could crash the application or workstation, potentially disrupting the configuration, monitoring, or control of connected industrial processes until it is restarted.
Who's at risk
Energy sector organizations using Fuji Electric Monitouch V-SFT for industrial control system engineering and monitoring should prioritize this update. This affects engineering workstations used to configure and monitor power generation, distribution, or critical industrial processes.
How it could be exploited
An attacker must have local access to the Monitouch V-SFT workstation (not remotely exploitable). They could trigger a buffer overflow (CWE-787) through user interaction, such as opening a malicious file or project, which could crash the application or the system.
Prerequisites
  • Local access to the Monitouch V-SFT workstation
  • User interaction required (opening a malicious file or project)
  • Monitouch V-SFT version 6.2.3.0 or earlier
Local access required | User interaction required | Affects engineering workstations | Vendor patch available
Exploitability
Some exploitation risk — EPSS score 1.4%
Affected products (1)
Product | Affected Versions | Fix Status
Monitouch V-SFT: <=6.2.3.0 | ≤ 6.2.3.0 | 6.2.6.0
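
An added example (not part of the advisory or any vendor tooling): a triage script that sorts an engineering-workstation inventory against the version range above, comparing versions numerically so that a build such as 6.2.10.0 is not mis-sorted as older than 6.2.6.0. The CSV column names, hostnames and the "unlisted" category for builds between 6.2.3.0 and 6.2.6.0 (which the advisory does not mention) are assumptions.

```python
import csv
import io

AFFECTED_MAX = (6, 2, 3, 0)  # advisory: 6.2.3.0 and earlier are affected
FIXED_MIN = (6, 2, 6, 0)     # advisory: fixed in 6.2.6.0

def parse_version(text):
    """Parse a dotted version such as '6.2.3.0' into a 4-tuple, or None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad '6.2' to (6, 2, 0, 0)

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # missing or unparseable: verify by hand
    if v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_MIN:
        return "fixed"
    # Assumption: builds between the affected range and the fix release are
    # not covered by the advisory, so they are flagged for update as well.
    return "unlisted"

def triage(inventory_csv):
    """Return {status: [hosts]} for CSV text with 'host' and 'vsft_version' columns."""
    result = {"affected": [], "unlisted": [], "unknown": [], "fixed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row.get("vsft_version") or "")].append(row["host"])
    return result

# Constructed sample inventory, not real data.
SAMPLE = """host,vsft_version
eng-ws-01,6.2.3.0
eng-ws-02,6.2.6.0
eng-ws-03,6.1.7.0
eng-ws-04,6.2.5.1
eng-ws-05,
eng-ws-06,6.2.10.0
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```
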
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Monitouch V-SFT to version 6.2.6.0 or later
Long-term hardening
HARDENING: Restrict physical and network access to Monitouch V-SFT workstations to authorized personnel only
HARDENING: Implement user awareness training to avoid opening untrusted files or projects on engineering workstations