Fuji Electric Monitouch V-SFT-6 (Update A)

Plan PatchCVSS 7.8ICS-CERT ICSA-25-308-01Nov 4, 2025

Fuji ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Fuji Electric Monitouch V-SFT-6 versions prior to 6.2.9.0 contain buffer overflow vulnerabilities (CWE-122, CWE-121, CWE-787) that could allow code execution or crash the accessed device. Successful exploitation could allow an attacker to run arbitrary code on systems running the affected software.

What this means

What could happen

A remote attacker with local access to a system running Monitouch V-SFT-6 could execute arbitrary code on the engineering workstation, potentially compromising the software used to configure and manage Fuji Electric industrial equipment. This could allow unauthorized changes to device settings or operational parameters.

Who's at risk

Engineering teams and operations personnel who use Fuji Electric Monitouch V-SFT-6 for configuring and managing industrial automation equipment in energy, manufacturing, and process control facilities. This affects the engineering workstations used to program and commission Fuji Electric PLCs and industrial devices.

How it could be exploited

An attacker would need to interact with a user on a system running Monitouch V-SFT-6 (e.g., through a malicious file or social engineering) to trigger a buffer overflow condition. Once exploited, the attacker gains code execution on the workstation, which could then be used to modify industrial device configurations or access the engineering environment.

Prerequisites

Local or interactive access to a system running Fuji Electric Monitouch V-SFT-6 version 6.2.7.0 or earlier
User interaction to open or execute a malicious file or trigger the vulnerable code path

Buffer overflow vulnerabilityCode execution possibleRequires user interactionLow complexity attack

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

Fuji Electric Monitouch V-SFT-6: 6.2.7.06.2.7.06.2.9.0 or newer

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict access to engineering workstations running Monitouch V-SFT to trusted users only; limit file sharing and external media access

HARDENINGEducate users not to open files from untrusted sources, especially those claiming to contain device configurations or software updates

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Monitouch V-SFT to version 6.2.9.0 or newer

CVEs (3)

CVE-2025-54496 CVE-2025-54526 CVE-2025-53524

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d6c1cfe3-3246-45b4-8de8-f10327582fff

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.