CVE-2024-5271 – Fuji Electric Monitouch V-SFT software contains... (How to Fix)

Q: What is the severity of CVE-2024-5271?

CVE-2024-5271 has a CVSS score of 7.8 (HIGH). Fuji Electric Monitouch V-SFT software contains a type confusion vulnerability that leads to out-of-bounds write, potentially allowing attackers to execute arbitrary code on affected systems. This affects industrial control system (ICS) environments using this HMI/SCADA software. Successful exploitation could compromise industrial operations.

📋 TL;DR

Fuji Electric Monitouch V-SFT software contains a type confusion vulnerability that leads to out-of-bounds write, potentially allowing attackers to execute arbitrary code on affected systems. This affects industrial control system (ICS) environments using this HMI/SCADA software. Successful exploitation could compromise industrial operations.

💻 Affected Systems

Products:

Fuji Electric Monitouch V-SFT

Versions: All versions prior to V6.2.3.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: This is HMI/SCADA software used in industrial control systems. The vulnerability exists in the software itself, not dependent on specific configurations.

📦 What is this software?

Monitouch V Sft by Fujielectric

View all CVEs affecting Monitouch V Sft →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with arbitrary code execution leading to disruption of industrial processes, data theft, or manipulation of control systems.

🟠

Likely Case

Local privilege escalation or remote code execution if the vulnerable component is exposed, potentially allowing attackers to gain control of the engineering workstation.

🟢

If Mitigated

Limited impact if system is properly segmented and access controlled, though the vulnerability still exists in the software.

🌐 Internet-Facing: MEDIUM - While ICS systems shouldn't be internet-facing, misconfigurations could expose this vulnerability to remote attackers.

🏢 Internal Only: HIGH - This is an ICS/SCADA system where compromise could directly impact industrial operations and safety.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access or network access to the vulnerable component. Type confusion vulnerabilities typically require specific knowledge of the software's memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V6.2.3.0

Vendor Advisory: https://www.fujielectric.com/global/support/ics/security/2024/20240531.html

Restart Required: Yes

Instructions:

1. Download V6.2.3.0 from Fuji Electric support portal. 2. Backup current configuration and projects. 3. Install the update following vendor instructions. 4. Restart the system. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Monitouch V-SFT systems from untrusted networks and implement strict network controls.

Access Control

all

Implement strict user access controls and principle of least privilege for systems running V-SFT.

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected systems from production networks
Apply additional monitoring and logging to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the software version in V-SFT Help > About. If version is below V6.2.3.0, the system is vulnerable.

Check Version:

Check Help > About in the V-SFT application interface

Verify Fix Applied:

After patching, verify the version shows V6.2.3.0 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Unexpected process crashes of V-SFT
Unusual file access patterns
Suspicious network connections from V-SFT system

Network Indicators:

Unusual network traffic to/from V-SFT systems
Attempts to access V-SFT services from unauthorized sources

SIEM Query:

Process:V-SFT.exe AND (EventID:1000 OR EventID:1001) OR Network:DestinationPort:V-SFT_port AND SourceIP:!authorized_range

📊 Metadata

CVE ID: CVE-2024-5271

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-843

Published: May 30, 2024

Last Updated: July 30, 2025

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02 Third Party Advisory,US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5271, you might also want to check these: