Search criteria
45 vulnerabilities found for Monitouch V-SFT by Fuji Electric
VAR-202411-1676
Vulnerability from variot - Updated: 2025-10-17 22:50Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1618"
},
{
"db": "CNVD",
"id": "CNVD-2025-21058"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1618"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-21058",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11792",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11792",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11792",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11792",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11792",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11792",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11792",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-21058",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1618"
},
{
"db": "CNVD",
"id": "CNVD-2025-21058"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"db": "NVD",
"id": "CVE-2024-11792"
},
{
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11792"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"db": "ZDI",
"id": "ZDI-24-1618"
},
{
"db": "CNVD",
"id": "CNVD-2025-21058"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11792",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1618",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013911",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24502",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-21058",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1618"
},
{
"db": "CNVD",
"id": "CNVD-2025-21058"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"id": "VAR-202411-1676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21058"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21058"
}
]
},
"last_update_date": "2025-10-17T22:50:19.114000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1618/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11792"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21058"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1618"
},
{
"db": "CNVD",
"id": "CNVD-2025-21058"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1618"
},
{
"date": "2025-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21058"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"date": "2024-11-28T00:15:04.603000",
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1618"
},
{
"date": "2025-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21058"
},
{
"date": "2024-12-05T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2024-013911"
},
{
"date": "2024-12-03T16:07:42.940000",
"db": "NVD",
"id": "CVE-2024-11792"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013911"
}
],
"trust": 0.8
}
}
VAR-202411-1622
Vulnerability from variot - Updated: 2025-10-17 22:50Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1622",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1617"
},
{
"db": "CNVD",
"id": "CNVD-2025-21057"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1617"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11791",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-21057",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11791",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11791",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11791",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11791",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11791",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-21057",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1617"
},
{
"db": "CNVD",
"id": "CNVD-2025-21057"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"db": "NVD",
"id": "CVE-2024-11791"
},
{
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric. It is primarily used in industrial automation and provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm notifications",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11791"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"db": "ZDI",
"id": "ZDI-24-1617"
},
{
"db": "CNVD",
"id": "CNVD-2025-21057"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11791",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1617",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013892",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24450",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-21057",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1617"
},
{
"db": "CNVD",
"id": "CNVD-2025-21057"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"id": "VAR-202411-1622",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21057"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21057"
}
]
},
"last_update_date": "2025-10-17T22:50:19.045000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1617/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11791"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21057"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1617"
},
{
"db": "CNVD",
"id": "CNVD-2025-21057"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1617"
},
{
"date": "2025-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21057"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"date": "2024-11-28T00:15:04.467000",
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1617"
},
{
"date": "2025-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21057"
},
{
"date": "2024-12-05T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2024-013892"
},
{
"date": "2024-12-03T16:08:22.910000",
"db": "NVD",
"id": "CVE-2024-11791"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013892"
}
],
"trust": 0.8
}
}
VAR-202405-1939
Vulnerability from variot - Updated: 2025-10-16 23:41Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric Co., Ltd., primarily used in industrial automation. It provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm messaging
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-1939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": null,
"trust": 3.5,
"vendor": "fuji electric",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"db": "CNVD",
"id": "CNVD-2025-21060"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
}
],
"trust": 3.5
},
"cve": "CVE-2024-34171",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-21060",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-34171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 3.5,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-34171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-34171",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2024-34171",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-34171",
"trust": 1.0,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-34171",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2024-34171",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-21060",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"db": "CNVD",
"id": "CNVD-2025-21060"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"db": "NVD",
"id": "CVE-2024-34171"
},
{
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric Co., Ltd., primarily used in industrial automation. It provides functions such as touchscreen interface design, PDF document viewing, video playback, and alarm messaging",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34171"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"db": "CNVD",
"id": "CNVD-2025-21060"
}
],
"trust": 5.31
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34171",
"trust": 6.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-151-02",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU97725986",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026706",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22908",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-535",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22896",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-534",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22874",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-533",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22815",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-532",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22749",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-530",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-21060",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"db": "CNVD",
"id": "CNVD-2025-21060"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"id": "VAR-202405-1939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21060"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21060"
}
]
},
"last_update_date": "2025-10-16T23:41:41.189000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
},
{
"title": "Patch for Fuji Electric Monitouch V-SFT Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/731071"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"db": "CNVD",
"id": "CNVD-2025-21060"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97725986/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34171"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"db": "CNVD",
"id": "CNVD-2025-21060"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"db": "CNVD",
"id": "CNVD-2025-21060"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"date": "2024-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"date": "2024-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"date": "2024-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"date": "2024-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"date": "2025-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21060"
},
{
"date": "2025-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"date": "2024-05-30T20:15:09.197000",
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-532"
},
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-530"
},
{
"date": "2025-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21060"
},
{
"date": "2025-08-01T01:25:00",
"db": "JVNDB",
"id": "JVNDB-2024-026706"
},
{
"date": "2025-07-30T19:23:07.310000",
"db": "NVD",
"id": "CVE-2024-34171"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V9C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-535"
},
{
"db": "ZDI",
"id": "ZDI-24-534"
},
{
"db": "ZDI",
"id": "ZDI-24-533"
},
{
"db": "ZDI",
"id": "ZDI-24-530"
}
],
"trust": 2.8
}
}
VAR-202405-1938
Vulnerability from variot - Updated: 2025-08-02 22:51Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution. Fuji Electric's Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a screen configuration software from Fuji Electric of Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-1938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"db": "CNVD",
"id": "CNVD-2025-13533"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-531"
}
],
"trust": 0.7
},
"cve": "CVE-2024-5271",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-13533",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-5271",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-026701",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-5271",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-5271",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2024-026701",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-5271",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-13533",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"db": "CNVD",
"id": "CNVD-2025-13533"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution. Fuji Electric\u0027s Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a screen configuration software from Fuji Electric of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5271"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"db": "CNVD",
"id": "CNVD-2025-13533"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5271",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-151-02",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU97725986",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026701",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22814",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-531",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-13533",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"db": "CNVD",
"id": "CNVD-2025-13533"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"id": "VAR-202405-1938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13533"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13533"
}
]
},
"last_update_date": "2025-08-02T22:51:37.305000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
},
{
"title": "Patch for Fuji Electric Monitouch V-SFT Buffer Overflow Vulnerability (CNVD-2025-13533)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/701731"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"db": "CNVD",
"id": "CNVD-2025-13533"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
},
{
"problemtype": "Mistake of type (CWE-843) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97725986/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5271"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"db": "CNVD",
"id": "CNVD-2025-13533"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"db": "CNVD",
"id": "CNVD-2025-13533"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-31T00:00:00",
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"date": "2025-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13533"
},
{
"date": "2025-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"date": "2024-05-30T20:15:09.773000",
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-531"
},
{
"date": "2025-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13533"
},
{
"date": "2025-08-01T01:24:00",
"db": "JVNDB",
"id": "JVNDB-2024-026701"
},
{
"date": "2025-07-30T00:01:44.677000",
"db": "NVD",
"id": "CVE-2024-5271"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Vulnerability regarding mix-ups in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-026701"
}
],
"trust": 0.8
}
}
VAR-202411-1631
Vulnerability from variot - Updated: 2025-07-28 23:03Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1631",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1615"
},
{
"db": "CNVD",
"id": "CNVD-2025-16521"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1615"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-16521",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11789",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11789",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11789",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11789",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11789",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11789",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11789",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-16521",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1615"
},
{
"db": "CNVD",
"id": "CNVD-2025-16521"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"db": "NVD",
"id": "CVE-2024-11789"
},
{
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11789"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"db": "ZDI",
"id": "ZDI-24-1615"
},
{
"db": "CNVD",
"id": "CNVD-2025-16521"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11789",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1615",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013893",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24448",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-16521",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1615"
},
{
"db": "CNVD",
"id": "CNVD-2025-16521"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"id": "VAR-202411-1631",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16521"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16521"
}
]
},
"last_update_date": "2025-07-28T23:03:36.737000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1615/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11789"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16521"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1615"
},
{
"db": "CNVD",
"id": "CNVD-2025-16521"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1615"
},
{
"date": "2025-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16521"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"date": "2024-11-28T00:15:04.153000",
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1615"
},
{
"date": "2025-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16521"
},
{
"date": "2024-12-05T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2024-013893"
},
{
"date": "2024-12-03T16:08:48.497000",
"db": "NVD",
"id": "CVE-2024-11789"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013893"
}
],
"trust": 0.8
}
}
VAR-202411-1705
Vulnerability from variot - Updated: 2025-07-28 23:03Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1705",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1616"
},
{
"db": "CNVD",
"id": "CNVD-2025-16522"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1616"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-16522",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11790",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11790",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11790",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11790",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11790",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11790",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11790",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-16522",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1616"
},
{
"db": "CNVD",
"id": "CNVD-2025-16522"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"db": "NVD",
"id": "CVE-2024-11790"
},
{
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11790"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"db": "ZDI",
"id": "ZDI-24-1616"
},
{
"db": "CNVD",
"id": "CNVD-2025-16522"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11790",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1616",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013929",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24449",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-16522",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1616"
},
{
"db": "CNVD",
"id": "CNVD-2025-16522"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"id": "VAR-202411-1705",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16522"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16522"
}
]
},
"last_update_date": "2025-07-28T23:03:36.697000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1616/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11790"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16522"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1616"
},
{
"db": "CNVD",
"id": "CNVD-2025-16522"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1616"
},
{
"date": "2025-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16522"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"date": "2024-11-28T00:15:04.297000",
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1616"
},
{
"date": "2025-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16522"
},
{
"date": "2024-12-05T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2024-013929"
},
{
"date": "2024-12-03T16:08:38.587000",
"db": "NVD",
"id": "CVE-2024-11790"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013929"
}
],
"trust": 0.8
}
}
VAR-202406-0045
Vulnerability from variot - Updated: 2025-07-04 23:42Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. Fuji Electric's Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a human-machine interface software from Fuji Electric
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "lt",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"db": "CNVD",
"id": "CNVD-2025-13532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-564"
}
],
"trust": 0.7
},
"cve": "CVE-2024-5597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-13532",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5597",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-5597",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-5597",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-5597",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5597",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-5597",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-5597",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2024-5597",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-13532",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"db": "CNVD",
"id": "CNVD-2025-13532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"db": "NVD",
"id": "CVE-2024-5597"
},
{
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT\u00a0is vulnerable to a type confusion, which could cause a crash or code execution. Fuji Electric\u0027s Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a human-machine interface software from Fuji Electric",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5597"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"db": "CNVD",
"id": "CNVD-2025-13532"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5597",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-151-02",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU97725986",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003449",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22748",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-564",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-13532",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"db": "CNVD",
"id": "CNVD-2025-13532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"id": "VAR-202406-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13532"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13532"
}
]
},
"last_update_date": "2025-07-04T23:42:51.643000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
},
{
"title": "Patch for Fuji Electric Monitouch V-SFT Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/701726"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"db": "CNVD",
"id": "CNVD-2025-13532"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
},
{
"problemtype": "Mistake of type (CWE-843) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97725986/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5597"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"db": "CNVD",
"id": "CNVD-2025-13532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"db": "CNVD",
"id": "CNVD-2025-13532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-05T00:00:00",
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"date": "2025-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13532"
},
{
"date": "2024-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"date": "2024-06-10T17:16:35.180000",
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-564"
},
{
"date": "2025-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13532"
},
{
"date": "2024-06-13T01:35:00",
"db": "JVNDB",
"id": "JVNDB-2024-003449"
},
{
"date": "2024-06-12T18:10:47.080000",
"db": "NVD",
"id": "CVE-2024-5597"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Vulnerability regarding mix-ups in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003449"
}
],
"trust": 0.8
}
}
VAR-202411-1701
Vulnerability from variot - Updated: 2025-05-30 23:10Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1621"
},
{
"db": "CNVD",
"id": "CNVD-2025-10829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1621"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-10829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11795",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11795",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11795",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11795",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11795",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11795",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11795",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-10829",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1621"
},
{
"db": "CNVD",
"id": "CNVD-2025-10829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"db": "NVD",
"id": "CVE-2024-11795"
},
{
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11795"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"db": "ZDI",
"id": "ZDI-24-1621"
},
{
"db": "CNVD",
"id": "CNVD-2025-10829"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11795",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1621",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013891",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24505",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-10829",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1621"
},
{
"db": "CNVD",
"id": "CNVD-2025-10829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"id": "VAR-202411-1701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10829"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10829"
}
]
},
"last_update_date": "2025-05-30T23:10:40.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Fuji Electric Monitouch V-SFT V8 File Parsing Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/692296"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10829"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1621/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11795"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1621"
},
{
"db": "CNVD",
"id": "CNVD-2025-10829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1621"
},
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10829"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"date": "2024-11-28T00:15:05.017000",
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1621"
},
{
"date": "2025-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10829"
},
{
"date": "2024-12-05T07:10:00",
"db": "JVNDB",
"id": "JVNDB-2024-013891"
},
{
"date": "2024-12-03T16:06:03.237000",
"db": "NVD",
"id": "CVE-2024-11795"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013891"
}
],
"trust": 0.8
}
}
VAR-202411-1654
Vulnerability from variot - Updated: 2025-05-30 23:10Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24506. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1654",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1622"
},
{
"db": "CNVD",
"id": "CNVD-2025-10830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1622"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11796",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-10830",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11796",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11796",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11796",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11796",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11796",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11796",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11796",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-10830",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1622"
},
{
"db": "CNVD",
"id": "CNVD-2025-10830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"db": "NVD",
"id": "CVE-2024-11796"
},
{
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24506. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11796"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"db": "ZDI",
"id": "ZDI-24-1622"
},
{
"db": "CNVD",
"id": "CNVD-2025-10830"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11796",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1622",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013877",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24506",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-10830",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1622"
},
{
"db": "CNVD",
"id": "CNVD-2025-10830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"id": "VAR-202411-1654",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10830"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10830"
}
]
},
"last_update_date": "2025-05-30T23:10:40.145000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Fuji Electric Monitouch V-SFT V9C File Parsing Out-of-Bounds Write Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/692301"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10830"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1622/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11796"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1622"
},
{
"db": "CNVD",
"id": "CNVD-2025-10830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1622"
},
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10830"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"date": "2024-11-28T00:15:05.173000",
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1622"
},
{
"date": "2025-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10830"
},
{
"date": "2024-12-05T07:10:00",
"db": "JVNDB",
"id": "JVNDB-2024-013877"
},
{
"date": "2024-12-03T16:05:21.907000",
"db": "NVD",
"id": "CVE-2024-11796"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013877"
}
],
"trust": 0.8
}
}
VAR-202411-1739
Vulnerability from variot - Updated: 2025-05-30 23:10Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24413. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1739",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1614"
},
{
"db": "CNVD",
"id": "CNVD-2025-10832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1614"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-10832",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11787",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11787",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11787",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11787",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11787",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11787",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11787",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-10832",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1614"
},
{
"db": "CNVD",
"id": "CNVD-2025-10832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"db": "NVD",
"id": "CVE-2024-11787"
},
{
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24413. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11787"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"db": "ZDI",
"id": "ZDI-24-1614"
},
{
"db": "CNVD",
"id": "CNVD-2025-10832"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11787",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1614",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013940",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24413",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-10832",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1614"
},
{
"db": "CNVD",
"id": "CNVD-2025-10832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"id": "VAR-202411-1739",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10832"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10832"
}
]
},
"last_update_date": "2025-05-30T23:10:40.116000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Fuji Electric Monitouch V-SFT V10 File Parsing Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/692316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1614/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11787"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1614"
},
{
"db": "CNVD",
"id": "CNVD-2025-10832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1614"
},
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10832"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"date": "2024-11-28T00:15:04",
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1614"
},
{
"date": "2025-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10832"
},
{
"date": "2024-12-05T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2024-013940"
},
{
"date": "2024-12-03T16:09:14.300000",
"db": "NVD",
"id": "CVE-2024-11787"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013940"
}
],
"trust": 0.8
}
}
VAR-202411-1630
Vulnerability from variot - Updated: 2025-05-30 23:10Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1630",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1624"
},
{
"db": "CNVD",
"id": "CNVD-2025-10831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1624"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-10831",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11798",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11798",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11798",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11798",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11798",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-10831",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1624"
},
{
"db": "CNVD",
"id": "CNVD-2025-10831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"db": "NVD",
"id": "CVE-2024-11798"
},
{
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11798"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"db": "ZDI",
"id": "ZDI-24-1624"
},
{
"db": "CNVD",
"id": "CNVD-2025-10831"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11798",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1624",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013910",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24663",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-10831",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1624"
},
{
"db": "CNVD",
"id": "CNVD-2025-10831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"id": "VAR-202411-1630",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10831"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10831"
}
]
},
"last_update_date": "2025-05-30T23:10:40.087000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Fuji Electric Monitouch V-SFT X1 File Parsing Out-of-Bounds Write Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/692311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10831"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1624/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11798"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1624"
},
{
"db": "CNVD",
"id": "CNVD-2025-10831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1624"
},
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10831"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"date": "2024-11-28T00:15:05.463000",
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1624"
},
{
"date": "2025-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10831"
},
{
"date": "2024-12-04T02:22:00",
"db": "JVNDB",
"id": "JVNDB-2024-013910"
},
{
"date": "2024-12-03T16:04:32.760000",
"db": "NVD",
"id": "CVE-2024-11798"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013910"
}
],
"trust": 0.8
}
}
VAR-202411-1750
Vulnerability from variot - Updated: 2025-05-30 23:10Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662. Fuji Electric's Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1750",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 1.0,
"vendor": "fujielectric",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": null
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u96fb\u6a5f",
"version": "6.2.3.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fuji",
"version": "6.2.3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1623"
},
{
"db": "CNVD",
"id": "CNVD-2025-10914"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1623"
}
],
"trust": 0.7
},
"cve": "CVE-2024-11797",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-10914",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-11797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-11797",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11797",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-11797",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-11797",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-10914",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1623"
},
{
"db": "CNVD",
"id": "CNVD-2025-10914"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"db": "NVD",
"id": "CVE-2024-11797"
},
{
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662. Fuji Electric\u0027s Monitouch V-SFT Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fuji Electric Monitouch V-SFT is a configuration software for human-machine interface (HMI) provided by Fuji Electric Corporation. It supports a variety of functions, including custom home screen, PDF document viewer, video player, alarm message, 10 pop-up windows, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11797"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"db": "ZDI",
"id": "ZDI-24-1623"
},
{
"db": "CNVD",
"id": "CNVD-2025-10914"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11797",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1623",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-24-338-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98326656",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013870",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24662",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1624",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2025-10914",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1623"
},
{
"db": "CNVD",
"id": "CNVD-2025-10914"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"id": "VAR-202411-1750",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10914"
}
],
"trust": 1.25
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10914"
}
]
},
"last_update_date": "2025-05-30T23:10:40.057000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Fuji Electric Monitouch V-SFT V8 File Parsing Out-of-Bounds Write Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/692306"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1623/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98326656/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11797"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-05"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1624/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10914"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1623"
},
{
"db": "CNVD",
"id": "CNVD-2025-10914"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1623"
},
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10914"
},
{
"date": "2024-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"date": "2024-11-28T00:15:05.323000",
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1623"
},
{
"date": "2025-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10914"
},
{
"date": "2024-12-05T07:10:00",
"db": "JVNDB",
"id": "JVNDB-2024-013870"
},
{
"date": "2024-12-03T16:04:52.443000",
"db": "NVD",
"id": "CVE-2024-11797"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric\u0027s \u00a0Monitouch\u00a0V-SFT\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013870"
}
],
"trust": 0.8
}
}
VAR-201708-1406
Vulnerability from variot - Updated: 2025-04-20 23:15A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is an HMI software. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "monitouch v-sft",
"scope": null,
"trust": 1.4,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "monitouch v-sft",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "5.4.42.0"
},
{
"_id": null,
"model": "monitouch v-sft",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji electric",
"version": "5.4.43.0"
},
{
"_id": null,
"model": "electric monitouch v-sft",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "5.4.43.0"
},
{
"_id": null,
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "5.4.42.0"
},
{
"_id": null,
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "5.4.42.0"
},
{
"_id": null,
"model": "electric monitouch v-sft",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "5.4.43.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "monitouch v sft",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
},
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-578"
},
{
"db": "NVD",
"id": "CVE-2017-9659"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:monitouch_v-sft",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
}
],
"trust": 1.4
},
"cve": "CVE-2017-9659",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9659",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 3.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22804",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-9659",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9659",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9659",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9659",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-22804",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-578",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
},
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-578"
},
{
"db": "NVD",
"id": "CVE-2017-9659"
}
]
},
"description": {
"_id": null,
"data": "A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is an HMI software. Failed exploit attempts will result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9659"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
},
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
}
],
"trust": 3.87
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-9659",
"trust": 4.9
},
{
"db": "ICS CERT",
"id": "ICSA-17-222-04",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-17-644",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-17-643",
"trust": 2.6
},
{
"db": "BID",
"id": "100265",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2017-22804",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-578",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4014",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3993",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-645",
"trust": 0.3
},
{
"db": "IVD",
"id": "E14E25DD-B97B-42E6-840A-4D68E6949FDB",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
},
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-578"
},
{
"db": "NVD",
"id": "CVE-2017-9659"
}
]
},
"id": "VAR-201708-1406",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
}
],
"trust": 1.4500000000000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
}
]
},
"last_update_date": "2025-04-20T23:15:59.354000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04"
},
{
"title": "Monitouch V-SFT",
"trust": 0.8,
"url": "http://www.hakko-elec.co.jp/site/vsft/"
},
{
"title": "Fuji Electric Monitouch V-SFT project file parsing heap buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100821"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
},
{
"db": "NVD",
"id": "CVE-2017-9659"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-222-04"
},
{
"trust": 1.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-643/"
},
{
"trust": 1.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-644/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9659"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100265"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9659"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
},
{
"trust": 0.3,
"url": "www.zerodayinitiative.com/advisories/zdi-17-645"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
},
{
"db": "CNVD",
"id": "CNVD-2017-22804"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-578"
},
{
"db": "NVD",
"id": "CVE-2017-9659"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-644",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-643",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-22804",
"ident": null
},
{
"db": "BID",
"id": "100265",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007179",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201706-578",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-9659",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-644",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-643",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22804",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100265",
"ident": null
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007179",
"ident": null
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-578",
"ident": null
},
{
"date": "2017-08-14T16:29:00.320000",
"db": "NVD",
"id": "CVE-2017-9659",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-644",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-643",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22804",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100265",
"ident": null
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007179",
"ident": null
},
{
"date": "2017-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-578",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9659",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-578"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fuji Electric Monitouch V-SFT Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-644"
},
{
"db": "ZDI",
"id": "ZDI-17-643"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e14e25dd-b97b-42e6-840a-4d68e6949fdb"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-578"
}
],
"trust": 0.8
}
}
VAR-201708-1409
Vulnerability from variot - Updated: 2025-04-20 23:15An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. Fuji Electric Monitouch V-SFT Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the configuration of Monitouch V-SFT. An attacker can leverage this vulnerability to execute code in the context of any user of the software. Fuji Electric Monitouch V-SFT is an HMI software
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "monitouch v-sft",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "5.4.42.0"
},
{
"_id": null,
"model": "monitouch v-sft",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji electric",
"version": "5.4.43.0"
},
{
"_id": null,
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"_id": null,
"model": "electric monitouch v-sft",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "5.4.43.0"
},
{
"_id": null,
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "5.4.42.0"
},
{
"_id": null,
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "5.4.42.0"
},
{
"_id": null,
"model": "electric monitouch v-sft",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "5.4.43.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "monitouch v sft",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
},
{
"db": "ZDI",
"id": "ZDI-17-646"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
},
{
"db": "BID",
"id": "100268"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575"
},
{
"db": "NVD",
"id": "CVE-2017-9662"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:monitouch_v-sft",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
}
]
},
"credits": {
"_id": null,
"data": "Fritz Sands of the Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-646"
},
{
"db": "BID",
"id": "100268"
}
],
"trust": 1.0
},
"cve": "CVE-2017-9662",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9662",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2017-9662",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-22806",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2017-9662",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9662",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-9662",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2017-9662",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-22806",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-575",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
},
{
"db": "ZDI",
"id": "ZDI-17-646"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575"
},
{
"db": "NVD",
"id": "CVE-2017-9662"
}
]
},
"description": {
"_id": null,
"data": "An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. Fuji Electric Monitouch V-SFT Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the configuration of Monitouch V-SFT. An attacker can leverage this vulnerability to execute code in the context of any user of the software. Fuji Electric Monitouch V-SFT is an HMI software",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9662"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
},
{
"db": "ZDI",
"id": "ZDI-17-646"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
},
{
"db": "BID",
"id": "100268"
},
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-9662",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-222-04",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-17-646",
"trust": 2.6
},
{
"db": "BID",
"id": "100268",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22806",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4021",
"trust": 0.7
},
{
"db": "IVD",
"id": "2BE44727-F1CD-4BAD-8264-9B7730B4F5E3",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
},
{
"db": "ZDI",
"id": "ZDI-17-646"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
},
{
"db": "BID",
"id": "100268"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575"
},
{
"db": "NVD",
"id": "CVE-2017-9662"
}
]
},
"id": "VAR-201708-1409",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
}
],
"trust": 1.4500000000000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
}
]
},
"last_update_date": "2025-04-20T23:15:59.312000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Monitouch V-SFT",
"trust": 0.8,
"url": "http://www.hakko-elec.co.jp/site/vsft/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04"
},
{
"title": "Fuji Electric Monitouch V-SFT Unsafe Configuration Privilege Upgrade Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100818"
},
{
"title": "Fuji Electric Monitouch V-SFT Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99846"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-646"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
},
{
"db": "NVD",
"id": "CVE-2017-9662"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-222-04"
},
{
"trust": 1.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-646/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100268"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9662"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9662"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-646"
},
{
"db": "CNVD",
"id": "CNVD-2017-22806"
},
{
"db": "BID",
"id": "100268"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575"
},
{
"db": "NVD",
"id": "CVE-2017-9662"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-646",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-22806",
"ident": null
},
{
"db": "BID",
"id": "100268",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007182",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-9662",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-646",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22806",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100268",
"ident": null
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007182",
"ident": null
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-575",
"ident": null
},
{
"date": "2017-08-14T16:29:00.413000",
"db": "NVD",
"id": "CVE-2017-9662",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-646",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22806",
"ident": null
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100268",
"ident": null
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007182",
"ident": null
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-575",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9662",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "100268"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-575"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Fuji Electric Monitouch V-SFT Insecure Configuration Privilege Escalation Vulnerability",
"sources": [
{
"db": "IVD",
"id": "2be44727-f1cd-4bad-8264-9b7730b4f5e3"
},
{
"db": "ZDI",
"id": "ZDI-17-646"
}
],
"trust": 0.9
},
"type": {
"_id": null,
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-575"
}
],
"trust": 0.6
}
}
VAR-201708-1407
Vulnerability from variot - Updated: 2025-04-20 23:15A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is an HMI software. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitouch v-sft",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "5.4.42.0"
},
{
"model": "monitouch v-sft",
"scope": "lt",
"trust": 0.8,
"vendor": "fuji electric",
"version": "5.4.43.0"
},
{
"model": "monitouch v-sft",
"scope": null,
"trust": 0.7,
"vendor": "fuji electric",
"version": null
},
{
"model": "electric monitouch v-sft",
"scope": "lt",
"trust": 0.6,
"vendor": "fuji",
"version": "5.4.43.0"
},
{
"model": "monitouch v-sft",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "5.4.42.0"
},
{
"model": "electric monitouch v-sft",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "5.4.42.0"
},
{
"model": "electric monitouch v-sft",
"scope": "ne",
"trust": 0.3,
"vendor": "fuji",
"version": "5.4.43.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "monitouch v sft",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
},
{
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fujielectric:monitouch_v-sft",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-645"
}
],
"trust": 0.7
},
"cve": "CVE-2017-9660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9660",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 2.5,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-9660",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9660",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9660",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2017-9660",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-22805",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-577",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
},
{
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. Fuji Electric Monitouch V-SFT Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Fuji Electric Monitouch V-SFT is an HMI software. Failed exploit attempts will result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9660"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9660",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-222-04",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-17-645",
"trust": 2.6
},
{
"db": "BID",
"id": "100265",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2017-22805",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3994",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-643",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-17-644",
"trust": 0.3
},
{
"db": "IVD",
"id": "FE17C188-7216-4DD6-AA4D-FFAE1D06D92B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
},
{
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"id": "VAR-201708-1407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
}
],
"trust": 1.4500000000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
}
]
},
"last_update_date": "2025-04-20T23:15:59.272000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Monitouch V-SFT",
"trust": 0.8,
"url": "http://www.hakko-elec.co.jp/site/vsft/"
},
{
"title": "Fuji Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04"
},
{
"title": "Patch for Fuji Electric Monitouch V-SFT Project File Parsing Buffer Buffer Overflow Vulnerability (CNVD-2017-22805)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100820"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-222-04"
},
{
"trust": 1.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-645/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9660"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100265"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9660"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-643/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-644/"
},
{
"trust": 0.3,
"url": "www.zerodayinitiative.com/advisories/zdi-17-645"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
},
{
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"db": "BID",
"id": "100265"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
},
{
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100265"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-577"
},
{
"date": "2017-08-14T16:29:00.350000",
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "ZDI",
"id": "ZDI-17-645"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22805"
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100265"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"date": "2018-01-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-577"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9660"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Monitouch V-SFT Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007180"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "fe17c188-7216-4dd6-aa4d-ffae1d06d92b"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-577"
}
],
"trust": 0.8
}
}
CVE-2024-11933 (GCVE-0-2024-11933)
Vulnerability from nvd – Published: 2024-11-27 23:36 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:59:16.877074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:46.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-27T14:52:50.875-06:00",
"datePublic": "2024-11-27T15:01:43.341-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:36:05.162Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1630",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1630/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11933",
"datePublished": "2024-11-27T23:36:05.162Z",
"dateReserved": "2024-11-27T20:52:50.825Z",
"dateUpdated": "2024-11-29T16:59:46.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11798 (GCVE-0-2024-11798)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:59:20.681042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:46.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:25.810-06:00",
"datePublic": "2024-11-27T15:00:00.203-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:53.455Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1624",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1624/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11798",
"datePublished": "2024-11-27T23:34:53.455Z",
"dateReserved": "2024-11-26T16:02:25.786Z",
"dateUpdated": "2024-11-29T16:59:46.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11797 (GCVE-0-2024-11797)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:47.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:21.266-06:00",
"datePublic": "2024-11-27T14:59:46.632-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:50.024Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1623",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1623/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11797",
"datePublished": "2024-11-27T23:34:50.024Z",
"dateReserved": "2024-11-26T16:02:21.244Z",
"dateUpdated": "2024-11-29T16:59:47.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11796 (GCVE-0-2024-11796)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24506.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:47.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:14.653-06:00",
"datePublic": "2024-11-27T14:59:35.635-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24506."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:45.779Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1622",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1622/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11796",
"datePublished": "2024-11-27T23:34:45.779Z",
"dateReserved": "2024-11-26T16:02:14.631Z",
"dateUpdated": "2024-11-29T16:59:47.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11795 (GCVE-0-2024-11795)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:47.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:08.078-06:00",
"datePublic": "2024-11-27T14:59:24.205-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:41.798Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1621",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1621/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11795",
"datePublished": "2024-11-27T23:34:41.798Z",
"dateReserved": "2024-11-26T16:02:08.057Z",
"dateUpdated": "2024-11-29T16:59:47.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11794 (GCVE-0-2024-11794)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:47.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:03.353-06:00",
"datePublic": "2024-11-27T14:58:59.212-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:36.653Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1620",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1620/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11794",
"datePublished": "2024-11-27T23:34:36.653Z",
"dateReserved": "2024-11-26T16:02:03.326Z",
"dateUpdated": "2024-11-29T16:59:47.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11793 (GCVE-0-2024-11793)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24503.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:47.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:01:58.448-06:00",
"datePublic": "2024-11-27T14:58:46.685-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24503."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:32.078Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1619",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1619/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11793",
"datePublished": "2024-11-27T23:34:32.078Z",
"dateReserved": "2024-11-26T16:01:58.428Z",
"dateUpdated": "2024-11-29T16:59:47.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11792 (GCVE-0-2024-11792)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 17:09
VLAI?
Title
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:48.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:01:44.222-06:00",
"datePublic": "2024-11-27T14:58:32.703-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:28.147Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1618",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1618/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11792",
"datePublished": "2024-11-27T23:34:28.147Z",
"dateReserved": "2024-11-26T16:01:44.192Z",
"dateUpdated": "2024-11-29T17:09:48.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11791 (GCVE-0-2024-11791)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 17:09
VLAI?
Title
Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:48.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:01:39.133-06:00",
"datePublic": "2024-11-27T14:58:19.419-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:23.304Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1617",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1617/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11791",
"datePublished": "2024-11-27T23:34:23.304Z",
"dateReserved": "2024-11-26T16:01:39.099Z",
"dateUpdated": "2024-11-29T17:09:48.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11790 (GCVE-0-2024-11790)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 17:09
VLAI?
Title
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:01:32.604-06:00",
"datePublic": "2024-11-27T14:58:07.671-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:18.453Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1616",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1616/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11790",
"datePublished": "2024-11-27T23:34:18.453Z",
"dateReserved": "2024-11-26T16:01:32.581Z",
"dateUpdated": "2024-11-29T17:09:49.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11789 (GCVE-0-2024-11789)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 17:09
VLAI?
Title
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:01:28.497-06:00",
"datePublic": "2024-11-27T14:57:48.619-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:14.031Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1615",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1615/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11789",
"datePublished": "2024-11-27T23:34:14.031Z",
"dateReserved": "2024-11-26T16:01:28.470Z",
"dateUpdated": "2024-11-29T17:09:49.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11787 (GCVE-0-2024-11787)
Vulnerability from nvd – Published: 2024-11-27 23:34 – Updated: 2024-11-29 17:09
VLAI?
Title
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24413.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:01:18.991-06:00",
"datePublic": "2024-11-27T14:57:25.081-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24413."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:08.859Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1614",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1614/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11787",
"datePublished": "2024-11-27T23:34:08.859Z",
"dateReserved": "2024-11-26T16:01:18.939Z",
"dateUpdated": "2024-11-29T17:09:49.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11933 (GCVE-0-2024-11933)
Vulnerability from cvelistv5 – Published: 2024-11-27 23:36 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:59:16.877074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:46.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-27T14:52:50.875-06:00",
"datePublic": "2024-11-27T15:01:43.341-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:36:05.162Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1630",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1630/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11933",
"datePublished": "2024-11-27T23:36:05.162Z",
"dateReserved": "2024-11-27T20:52:50.825Z",
"dateUpdated": "2024-11-29T16:59:46.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11798 (GCVE-0-2024-11798)
Vulnerability from cvelistv5 – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:59:20.681042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:46.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:25.810-06:00",
"datePublic": "2024-11-27T15:00:00.203-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:53.455Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1624",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1624/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11798",
"datePublished": "2024-11-27T23:34:53.455Z",
"dateReserved": "2024-11-26T16:02:25.786Z",
"dateUpdated": "2024-11-29T16:59:46.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11797 (GCVE-0-2024-11797)
Vulnerability from cvelistv5 – Published: 2024-11-27 23:34 – Updated: 2024-11-29 16:59
VLAI?
Title
Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
6.2.3.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "monitouch_v-sft",
"vendor": "fujielectric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T16:43:24.101858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:59:47.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "6.2.3.0"
}
]
}
],
"dateAssigned": "2024-11-26T10:02:21.266-06:00",
"datePublic": "2024-11-27T14:59:46.632-06:00",
"descriptions": [
{
"lang": "en",
"value": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T23:34:50.024Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1623",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1623/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11797",
"datePublished": "2024-11-27T23:34:50.024Z",
"dateReserved": "2024-11-26T16:02:21.244Z",
"dateUpdated": "2024-11-29T16:59:47.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}