Fuji Electric Fixes Monitouch V-SFT

Thursday, August 10, 2017 @ 03:08 PM gHale


Fuji Electric released a new version to mitigate multiple vulnerabilities in its Monitouch V-SFT product, according to a report with ICS-CERT.

The vulnerabilities are a stack-based buffer overflow, heap-based buffer overflow and improper privilege management. Independent researchers Fritz Sands and kimiya working with Trend Micro’s Zero Day Initiative identified these vulnerabilities.

Versions of Monitouch V-SFT, a screen configuration software package, prior to Version 5.4.43.0 suffer from the remotely exploitable vulnerabilities.

Successful exploitation of these vulnerabilities could allow remote code execution or cause the software the attacker is accessing to crash. The improper privilege management vulnerability could allow an attacker with local access to escalate privileges.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

A stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution.

CVE-2017-9659 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, a heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution.

CVE-2017-9660 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

Also, Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges.

CVE-2017-9662 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.5.
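To check whether an install directory has the kind of weak access controls described above, an administrator can review its `icacls` output for write-capable entries granted to ordinary user groups. The following is an added example, not code from ICS-CERT or Fuji Electric; the directory path is a placeholder and the sample `icacls` output is constructed.

```python
import re

# Principals that cover ordinary, non-administrative local accounts.
LOW_PRIV = {"everyone", r"builtin\users", r"nt authority\authenticated users",
            r"nt authority\interactive"}
# icacls right codes that let the holder add or change files:
# F full, M modify, W write, WD write data/add file, AD append/add subdirectory,
# DC delete child, WDAC change permissions, WO take ownership, GA/GW generic.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "WDAC", "WO", "GA", "GW"}

# One ACE per line: PRINCIPAL:(flag)(flag)...(rights)
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

# Placeholder path and constructed output, for illustration only.
SAMPLE_PATH = r"C:\Example\InstallDir"
SAMPLE = r"""C:\Example\InstallDir BUILTIN\Users:(OI)(CI)(F)
                      NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                      BUILTIN\Administrators:(I)(OI)(CI)(F)
                      NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(RX,W)
                      Everyone:(I)(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

def weak_aces(icacls_output, path):
    """Return (principal, write rights) for low-privilege allow entries."""
    findings = []
    for raw in icacls_output.splitlines():
        line = raw.strip()
        # The first ACE shares its line with the path; drop the path prefix.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        codes = {c.strip() for group in re.findall(r"\(([^)]*)\)", m["flags"])
                 for c in group.split(",")}
        if "DENY" in codes:
            continue  # deny entries restrict access, they do not grant it
        granted = sorted(codes & WRITE_RIGHTS)
        if m["who"].lower() in LOW_PRIV and granted:
            findings.append((m["who"], granted))
    return findings

if __name__ == "__main__":
    for who, rights in weak_aces(SAMPLE, SAMPLE_PATH):
        print(f"{SAMPLE_PATH}: {who} can write ({','.join(rights)})")
```

An empty result means no low-privilege group holds write access on that directory; inherit-only entries are still reported because they apply to files created beneath it.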

The product sees action in the critical manufacturing and energy industries. It sees use on a global basis.

Japan-based Fuji Electric released a new version of Monitouch V-SFT, Version 5.4.43.0, to fix these vulnerabilities.


