Remote Code Execution Vulnerability in Fuji Electric Monitouch V-SFT
CVE-2024-11797

7.8HIGH

Key Information:

Vendor: Fuji Electric
Status: Monitouch V-sft
Vendor: CVE Published:; 28 November 2024

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2024-11797?

The identified vulnerability in Fuji Electric's Monitouch V-SFT V8 relates to its handling of file parsing, specifically concerning V8 files. Due to insufficient validation mechanisms, this flaw allows attackers to send specially crafted files, leading to an out-of-bounds write condition. When exploited, this vulnerability permits remote attackers to execute arbitrary code within the context of the affected process, provided that the user specifically opens a malicious file or visits a harmful web page. This presents a notable risk for sensitive industrial applications utilizing the affected software, highlighting the importance of addressing file handling security.

Affected Version(s)

Monitouch V-SFT 6.2.3.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1623/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024

JSON