CVE-2024-11787

Name of the Vulnerable Software and Affected Versions: Fuji Electric Monitouch V-SFT version V10

Description: This issue allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this issue to execute code in the context of the current process.

Recommendations: For Fuji Electric Monitouch V-SFT version V10, as a temporary workaround, consider disabling the V10 file parsing functionality until a patch is available. Restrict access to the V10 file parser to minimize the risk of exploitation. Avoid using the V10 file parser in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.