CVE-2024-5271 - Vulnerability Details - OpenCVE

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Fujielectric	Monitouch V-sft

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02

History

Thu, 24 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fujielectric Fujielectric monitouch V-sft
CPEs		cpe:2.3:a:fujielectric:monitouch_v-sft::::::::
Vendors & Products		Fujielectric Fujielectric monitouch V-sft
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 18 Jul 2025 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-787

Fri, 18 Jul 2025 18:00:00 +0000

Type	Values Removed	Values Added
Title	Fuji Electric Monitouch V-SFT Out-of-Bounds Write	Fuji Electric Monitouch V-SFT Access of Resource Using Incompatible Type ('Type Confusion')
Weaknesses		CWE-843

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00046}`	epss `{'score': 0.00059}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-05-30T19:53:30.195Z

Updated: 2025-07-24T14:42:21.260Z

Reserved: 2024-05-23T14:36:06.242Z

Link: CVE-2024-5271

Vulnrichment

Updated: 2024-08-01T21:11:11.627Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T20:15:09.773

Modified: 2025-07-18T18:15:22.687

Link: CVE-2024-5271

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5271", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-05-23T14:36:06.242Z", "datePublished": "2024-05-30T19:53:30.195Z", "dateUpdated": "2025-07-24T14:42:21.260Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Monitouch V-SFT", "vendor": "Fuji Electric", "versions": [{"lessThan": "6.2.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "kimiya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution."}], "value": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-843", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-18T17:45:36.547Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Fuji Electric recommends users update the product to <a target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd\">Monitouch V-SFT v6.2.3.0</a>.\n\n<br>"}], "value": "Fuji Electric recommends users update the product to Monitouch V-SFT v6.2.3.0 https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd ."}], "source": {"advisory": "ICSA-24-151-02", "discovery": "EXTERNAL"}, "title": "Fuji Electric Monitouch V-SFT Access of Resource Using Incompatible Type ('Type Confusion')", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "fujielectric", "product": "monitouch_v-sft", "cpes": ["cpe:2.3:a:fujielectric:monitouch_v-sft:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.2.3.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-24T14:42:08.803828Z", "id": "CVE-2024-5271", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-24T14:42:21.260Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:11.627Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:11.627Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-24T14:42:08.803828Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fujielectric:monitouch_v-sft:*:*:*:*:*:*:*:*"], "vendor": "fujielectric", "product": "monitouch_v-sft", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.2.3.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-31T13:58:59.895Z"}}], "cna": {"title": "Fuji Electric Monitouch V-SFT Access of Resource Using Incompatible Type ('Type Confusion')", "source": {"advisory": "ICSA-24-151-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "kimiya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Fuji Electric", "product": "Monitouch V-SFT", "versions": [{"status": "affected", "version": "0", "lessThan": "6.2.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Fuji Electric recommends users update the product to Monitouch V-SFT v6.2.3.0 https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd .", "supportingMedia": [{"type": "text/html", "value": "Fuji Electric recommends users update the product to <a target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd\">Monitouch V-SFT v6.2.3.0</a>.\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution.", "supportingMedia": [{"type": "text/html", "value": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-18T17:45:36.547Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5271", "state": "PUBLISHED", "dateUpdated": "2025-07-24T14:42:21.260Z", "dateReserved": "2024-05-23T14:36:06.242Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-05-30T19:53:30.195Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a\n type confusion, which could result in arbitrary code execution."}, {"lang": "es", "value": "Fuji Electric Monitouch V-SFT es vulnerable a una escritura fuera de los l\u00edmites debido a una confusi\u00f3n de tipos, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2024-5271", "lastModified": "2025-07-18T18:15:22.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-05-30T20:15:09.773", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}