Remote Code Execution Vulnerability in Fuji Electric Monitouch V-SFT
CVE-2024-11795

7.8HIGH

Key Information:

Vendor: Fuji Electric
Status: Monitouch V-sft
Vendor: CVE Published:; 28 November 2024

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2024-11795?

The vulnerability identified in Fuji Electric's Monitouch V-SFT V8 arises due to inadequate validation of user-supplied data lengths during the parsing of V8 files. This oversight can lead to a stack-based buffer overflow, which permits remote attackers to execute arbitrary code on systems running affected versions. Exploitation of this vulnerability requires user interaction, as the targeted system must access a malicious webpage or open a compromised file. By manipulating the file inputs, an attacker may gain control over the current process, thus posing security risks to the integrity and availability of the system.

Affected Version(s)

Monitouch V-SFT 6.2.3.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1621/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024