Several vulnerabilities patched recently by Fuji Electric in its V-SFT product could be exploited by threat actors to gain access to the systems of industrial organizations.
Fuji Electric (Hakko Electronics) V-SFT is configuration and development software for human-machine interfaces (HMIs). Organizations in the manufacturing and other industrial sectors use it to create and manage user interfaces for Fuji Electric's Monitouch series HMIs, which are widely used around the world.
Cybersecurity researcher Michael Heinzl discovered that V-SFT is affected by several vulnerabilities, including ones that can lead to information disclosure or arbitrary code execution on the system running the software.
An attacker would need to use social engineering to trick a V-SFT user at the targeted organization into opening a malicious project file, which results in arbitrary code execution with the victim's privileges. This could allow the hacker to take control of the system, Heinzl told SecurityWeek.
Heinzl has published his own advisories for each of the V-SFT vulnerabilities.
"The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure," the researcher explained.
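The bug class Heinzl describes is a length field in an untrusted file being trusted without checking it against the bytes actually present. The following is an added illustration, not code from V-SFT, Fuji Electric or the researcher: it parses a hypothetical record format (1-byte type, 2-byte little-endian length, payload; this is an assumed layout, not the real project-file format) first the way the advisory describes, trusting the declared length, and then with the bounds check that prevents the out-of-bounds read. The sample inputs are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical record layout, assumed for this example only:
 *   [1 byte type][2 bytes little-endian payload length][payload bytes] */
#define HDR_LEN 3

typedef struct {
    uint8_t type;
    uint16_t len;
    const uint8_t *payload;   /* points into the caller's buffer */
} record_t;

static uint16_t read_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Unchecked parser: trusts the length field the way the advisory describes.
 * A length larger than the remaining bytes yields a record whose payload
 * pointer and len extend past the buffer; any consumer that reads
 * record.len bytes from record.payload then reads out of bounds. */
static int parse_records_unchecked(const uint8_t *buf, size_t buf_len,
                                   record_t *out, size_t max)
{
    size_t off = 0, n = 0;
    while (off + HDR_LEN <= buf_len && n < max) {
        out[n].type = buf[off];
        out[n].len = read_le16(buf + off + 1);
        out[n].payload = buf + off + HDR_LEN;
        off += HDR_LEN + out[n].len;   /* no check that len fits in buf */
        n++;
    }
    return (int)n;
}

/* Hardened parser: every declared length is checked against what remains
 * in the buffer before a record is emitted. Returns record count or -1. */
static int parse_records_checked(const uint8_t *buf, size_t buf_len,
                                 record_t *out, size_t max)
{
    size_t off = 0, n = 0;
    while (off < buf_len) {
        if (buf_len - off < HDR_LEN)
            return -1;                          /* truncated header */
        uint16_t len = read_le16(buf + off + 1);
        if (len > buf_len - off - HDR_LEN)
            return -1;                          /* declared length overruns file */
        if (n == max)
            return -1;                          /* output table full */
        out[n].type = buf[off];
        out[n].len = len;
        out[n].payload = buf + off + HDR_LEN;
        off += HDR_LEN + len;
        n++;
    }
    return (int)n;
}

/* Constructed sample files. GOOD_FILE holds two well-formed records.
 * BAD_FILE's second record claims 0x1000 payload bytes but only 2 follow. */
static const uint8_t GOOD_FILE[] = { 0x01, 0x02, 0x00, 0xAA, 0xBB,
                                     0x02, 0x01, 0x00, 0xCC };
static const uint8_t BAD_FILE[]  = { 0x01, 0x02, 0x00, 0xAA, 0xBB,
                                     0x02, 0x00, 0x10, 0xCC, 0xDD };

int count_good_checked(void)
{
    record_t r[8];
    return parse_records_checked(GOOD_FILE, sizeof GOOD_FILE, r, 8);   /* 2 */
}

int count_bad_checked(void)
{
    record_t r[8];
    return parse_records_checked(BAD_FILE, sizeof BAD_FILE, r, 8);     /* -1 */
}

/* The unchecked parser happily returns the oversized record; its len
 * (4096) is reported here without dereferencing the payload. */
int bad_last_len_unchecked(void)
{
    record_t r[8];
    int n = parse_records_unchecked(BAD_FILE, sizeof BAD_FILE, r, 8);
    return n > 0 ? (int)r[n - 1].len : -1;                             /* 4096 */
}

int main(void)
{
    printf("checked, good file: %d records\n", count_good_checked());
    printf("checked, bad file:  %d (rejected)\n", count_bad_checked());
    printf("unchecked, bad file: last record claims %d bytes\n",
           bad_last_len_unchecked());
    return 0;
}
```

The check `len > buf_len - off - HDR_LEN` is written with subtraction on the known-good side so it cannot overflow, which is the usual pitfall when the comparison is written as `off + HDR_LEN + len > buf_len` with a wide `len`.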
The Japanese electrical equipment company has released patches (version 6.2.9.0), and Japan's JPCERT recently published an advisory to inform organizations about the vulnerabilities.
However, JPCERT's advisory contains little information on potential impact, and Fuji's release notes do not appear to mention any security fixes.
The researcher told SecurityWeek that it took the vendor roughly 4 months to release patches after being notified. A previous batch of V-SFT vulnerabilities found by Heinzl took roughly 9 months to address.
In total, more than 20 security holes discovered by Heinzl have been patched by Fuji Electric in its HMI programming software in recent months.