OTPulse

Fuji Electric Monitouch V-SFT (Update A)

Plan Patch · CVSS 7.8 · ICS-CERT ICSA-24-338-05 · Dec 3, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Fuji Electric Monitouch V-SFT versions 6.2.3.0 and earlier contain a buffer overflow vulnerability (CWE-787) that could crash the application. The vulnerability requires local access to the engineering workstation and user interaction (such as opening a malicious file). Successful exploitation results in denial of service to the engineering application, not remote command execution or access to the control systems themselves.

What this means
What could happen
An attacker with local access to a Monitouch V-SFT engineering workstation could crash the application, interrupting engineering activities and potentially delaying control system updates or emergency response.
Who's at risk
Energy sector organizations using Fuji Electric Monitouch V-SFT for control system engineering and design should prioritize patching. This affects engineering workstations and configuration management workstations used to program and maintain SCADA and PLC systems in power generation and distribution facilities.
How it could be exploited
An attacker must be physically present at or have local access to a Monitouch V-SFT engineering workstation. The attacker can trigger a buffer overflow (CWE-787) by manipulating local files or input that the application processes, causing the software to crash. The attack requires user interaction such as opening a malicious file.
Prerequisites
  • Local access to the Monitouch V-SFT engineering workstation
  • User interaction required (e.g., opening a malicious file or project)
  • Monitouch V-SFT version 6.2.3.0 or earlier
buffer overflow vulnerability · local access required · user interaction required · no public exploitation reported · affects engineering workflow continuity
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
Monitouch V-SFT: <=6.2.3.0 | ≤ 6.2.3.0 | 6.2.6.0
Remediation & Mitigation
Do now
HARDENING: Restrict physical and local network access to Monitouch V-SFT engineering workstations to authorized personnel only
HARDENING: Train operators and engineers to avoid opening files from untrusted sources on engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Monitouch V-SFT to version 6.2.6.0 or later
Long-term hardening
HARDENING: Implement access controls and file integrity monitoring on engineering workstations to detect unauthorized file modifications
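
To plan the update, a software inventory can be triaged against the version bounds stated above. The following is an added example, not part of the advisory or of any Fuji Electric tooling; the CSV layout, hostnames and sample versions are constructed for illustration, and the "below-fix-version" status is an assumption for versions the advisory does not list.

```python
import csv
import io

# Version bounds taken from the advisory text above.
LAST_AFFECTED = (6, 2, 3, 0)   # "6.2.3.0 and earlier"
FIRST_FIXED = (6, 2, 6, 0)     # "version 6.2.6.0 or later"

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,product,version
eng-ws-01,Monitouch V-SFT,6.2.3.0
eng-ws-02,Monitouch V-SFT,6.2.6.0
eng-ws-03,Monitouch V-SFT,6.2.5.1
eng-ws-04,Monitouch V-SFT,6.1
eng-ws-05,Monitouch V-SFT,unknown
eng-ws-06,Other HMI Tool,1.0.0.0
"""

def parse_version(text):
    """Return a 4-part tuple, or None if the string is not a dotted version."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad so "6.1" compares as 6.1.0.0

def classify(version_text):
    """Map a version string to a triage status using the advisory bounds."""
    v = parse_version(version_text)
    if v is None:
        return "check-manually"      # unparseable: never assume patched
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "patched"
    return "below-fix-version"       # not listed in the advisory; still update

def triage(inventory_csv, product="Monitouch V-SFT"):
    """Return {host: status} for inventory rows matching the product name."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["version"]) for r in rows
            if r["product"].strip().lower() == product.lower()}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as anything other than "patched" belong on the maintenance-window list for the 6.2.6.0 update.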