Vulnerability Management, ICS/SCADA

Industrial sector compromise likely with Fuji Electric HMI software bugs

Binary code on screen with red glowing "BUG" text, symbolizing software malfunction, coding error, or system glitch. Ideal for tech content, debugging, and cybersecurity topics.

Industrial organizations could have their systems compromised through the exploitation of multiple recently patched security vulnerabilities in Fuji Electric's V-SFT human-machine interface configuration and development software, some of which could result in data exposure or arbitrary code execution, SecurityWeek reports.

Malicious project files executed by organizations' V-SFT users after successful social engineering lures could enable code execution with escalated privileges and subsequent system takeovers, according to cybersecurity researcher Michael Heinzl.

"The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure," said Heinzl, who noted that Fuji Electric had deferred patches for nearly four months after being informed regarding the security issues.

Fuji Electric has also delayed fixes for a previous batch of V-SFT bugs for almost nine months, the researcher added. Moreover, JPCERT's information on the potential impact of the new flaws has been inadequate.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds