Industrial organizations could have their systems compromised through the exploitation of multiple recently patched security vulnerabilities in Fuji Electric's V-SFT human-machine interface configuration and development software, some of which could result in data exposure or arbitrary code execution, SecurityWeek reports.Malicious project files executed by organizations' V-SFT users after successful social engineering lures could enable code execution with escalated privileges and subsequent system takeovers, according to cybersecurity researcher Michael Heinzl."The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure," said Heinzl, who noted that Fuji Electric had deferred patches for nearly four months after being informed regarding the security issues.Fuji Electric has also delayed fixes for a previous batch of V-SFT bugs for almost nine months, the researcher added. Moreover, JPCERT's information on the potential impact of the new flaws has been inadequate.
Vulnerability Management, ICS/SCADA
Industrial sector compromise likely with Fuji Electric HMI software bugs

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



