1. EXECUTIVE SUMMARY
- CVSS v4 8.4
- ATTENTION: Low attack complexity
- Vendor: Fuji Electric
- Equipment: Monitouch V-SFT
- Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following version of Fuji Electric’s Monitouch V-SFT, a screen configuration software, is affected:
- Monitouch V-SFT: Version 6.2.3.0 and prior.
3.2 Vulnerability Overview
3.2.1 Out-of-bounds Write CWE-787
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-11787 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-11787. A base score of 8.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).