1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Low attack complexity
- Vendor: Fuji Electric
- Equipment: Monitouch V-SFT
- Vulnerabilities: Out-of-Bounds Write, Stack-Based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Fuji Electric’s Monitouch V-SFT, a screen configuration software, are affected:
- Monitouch V-SFT: Versions prior to 6.2.3.0
3.2 Vulnerability Overview
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
The affected product is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.
CVE-2024-5271 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-5271. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 STACK-BASED BUFFER OVERFLOW CWE-121
The affected product is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.