Fuji Electric has an update available to address out-of-bounds write and stack-based buffer overflow vulnerabilities in its Monitouch V-SFT, according to a report from CISA.

Successful exploitation of these vulnerabilities, discovered by kimiy working with Trend Micro Zero Day Initiative, could allow an attacker to execute arbitrary code.

Versions of Fuji Electric’s Monitouch V-SFT, a screen configuration software, prior to 6.2.3.0 suffer from the vulnerabilities.

In one issue, the affected product is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.

CVE-2024-5271 is the case number for this vulnerability, which has a CVSS v3.1 base score of 7.8. There is also a CVSS v4 base score of 8.5.

In addition, the affected product is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

CVE-2024-34171 is the case number for this vulnerability, which has a CVSS v3.1 base score of 7.8. There is also a CVSS v4 base score of 8.5.

The product sees use mainly in the critical manufacturing and energy sectors, and is deployed on a global basis.

No known exploits target these vulnerabilities, and they are not exploitable remotely. However, the vulnerabilities have low attack complexity, so an attacker could leverage them.

Japan-based Fuji Electric recommends users update the product to Monitouch V-SFT v6.2.3.0.

ISSSource
