CVE-2024-11790 is a stack-based buffer overflow vulnerability identified in Fuji Electric Monitouch V-SFT version 6.2.3.0, specifically in the parsing logic for V10 files. The root cause is the lack of proper validation of the length of user-supplied data before copying it into a fixed-size stack buffer. This unchecked copying can overflow the buffer, overwriting adjacent memory and enabling an attacker to execute arbitrary code within the context of the vulnerable process. Exploitation requires user interaction, such as opening a maliciously crafted V10 file or visiting a malicious web page that triggers the vulnerable parser. The vulnerability is classified under CWE-121 (stack-based buffer overflow) and was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-24449. The CVSS v3.0 base score is 7.8, with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, but user interaction needed, and high impact on confidentiality, integrity, and availability. No patches or exploits are currently publicly available, but the vulnerability poses a significant risk to systems running this software, commonly used in industrial automation and control environments.

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the Monitouch V-SFT process, potentially leading to full system compromise. This can result in unauthorized access to sensitive industrial control data, manipulation of control processes, disruption of operations, and potential safety hazards. The high impact on confidentiality, integrity, and availability makes this a critical concern for organizations relying on Fuji Electric Monitouch V-SFT for automation and monitoring. Given the requirement for user interaction, targeted phishing or social engineering attacks could be used to deliver malicious files or links. The disruption or compromise of industrial control systems can have cascading effects on manufacturing, energy, and critical infrastructure sectors worldwide.

Organizations should immediately verify if they are running Fuji Electric Monitouch V-SFT version 6.2.3.0 and restrict access to this software to trusted users only. Since no official patch is currently available, implement strict file validation and sandboxing for any V10 files before opening. Employ network segmentation to isolate industrial control systems from general IT networks and limit exposure to potentially malicious content. Educate users about the risks of opening unsolicited files or links related to Monitouch V-SFT. Monitor logs for unusual activity related to file parsing or process behavior. Consider deploying application whitelisting and endpoint detection and response (EDR) solutions to detect and block exploitation attempts. Maintain close communication with Fuji Electric for updates on patches or mitigations. If possible, disable or limit the functionality that processes V10 files until a patch is released.