CVE-2024-11791 is a stack-based buffer overflow vulnerability identified in Fuji Electric Monitouch V-SFT version 6.2.3.0, specifically within the parsing logic of V8C files. The vulnerability stems from insufficient validation of the length of user-supplied data before copying it into a fixed-size stack buffer, leading to a classic buffer overflow condition (CWE-121). This flaw enables remote attackers to execute arbitrary code in the context of the current process by crafting malicious V8C files or web content that the user must open or visit, respectively. The vulnerability requires user interaction, which limits automated exploitation but remains a significant risk in targeted attacks. The CVSS v3.0 score of 7.8 indicates high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). While no public exploits are known yet, the vulnerability's nature and impact make it a critical concern for industrial control systems relying on Monitouch V-SFT for human-machine interface operations. The vulnerability was reported by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-24450 and published on November 27, 2024.

The vulnerability allows remote code execution with the privileges of the Monitouch V-SFT process, potentially leading to full compromise of the affected system. This can result in unauthorized disclosure of sensitive industrial control data, manipulation or disruption of control processes, and denial of service conditions. Given Monitouch V-SFT's role in industrial automation and human-machine interfaces, exploitation could disrupt critical infrastructure operations, cause safety hazards, and lead to significant operational downtime. The requirement for user interaction reduces the likelihood of widespread automated attacks but does not eliminate risk from targeted spear-phishing or social engineering campaigns. Organizations with Monitouch V-SFT deployed in manufacturing plants, energy grids, or other critical infrastructure sectors face heightened risk of operational and reputational damage.

1. Apply patches or updates from Fuji Electric as soon as they become available to address this vulnerability. 2. Implement strict file validation and sandboxing for V8C files to prevent processing of untrusted or malformed files. 3. Restrict user permissions to limit the ability to open or execute files from untrusted sources, especially in industrial control environments. 4. Employ network segmentation to isolate Monitouch V-SFT systems from general IT networks and internet access to reduce exposure. 5. Educate users about the risks of opening files or visiting links from unknown or untrusted sources to mitigate social engineering vectors. 6. Monitor logs and system behavior for unusual activity that may indicate exploitation attempts. 7. Consider application whitelisting and endpoint protection solutions tailored for industrial control systems to detect and block malicious code execution.