Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking

Posted on By CWS

A number of vulnerabilities patched just lately by Fuji Electrical in its V-SFT product could possibly be exploited by menace actors to achieve entry to the methods of commercial organizations.

Fuji Electrical (Hakko Digital) V-SFT is a configuration and growth software program for human-machine interfaces (HMIs). Organizations within the manufacturing and different industrial sectors use it to create and handle consumer interfaces for Fuji Electrical’s Monitouch sequence HMIs, that are broadly used around the globe.

Cybersecurity researcher Michael Heinzl found that V-SFT is affected by a number of vulnerabilities, together with ones that may result in data disclosure or arbitrary code execution on the system working the software program. 

An attacker would wish to make use of social engineering to trick a V-SFT consumer on the focused group into opening a malicious undertaking file, which ends up in arbitrary code execution with the sufferer’s privileges. This may permit the hacker to take management of the system, Heinzl informed SecurityWeek. 

Heinzl has printed his personal advisories for every of the V-SFT vulnerabilities. 

“The difficulty outcomes from the dearth of correct validation of user-supplied information, which may end up in a learn previous the tip of an allotted information construction,” the researcher defined.

The Japanese electrical gear firm has launched patches (model 6.2.9.0), and Japan’s JPCERT just lately printed an advisory to tell organizations concerning the vulnerabilities. 

Nonetheless, JPCERT’s advisory comprises little data on potential impression, and Fuji’s launch notes don’t seem to say any safety fixes. Commercial. Scroll to proceed studying.

The researcher informed SecurityWeek that it took the seller roughly 4 months to launch patches after being notified. A earlier batch of V-SFT vulnerabilities discovered by Heinzl took roughly 9 months to deal with. 

In complete, greater than 20 safety holes found by Heinzl have been patched by Fuji Electrical in its HMI programmer in current months. 

Associated: ICS Patch Tuesday: Fixes Introduced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact

Associated: Radiflow Unveils New OT Safety Platform

Associated: Many Assaults Geared toward EU Focused OT, Says Cybersecurity Company

Security Week News Tags:, , , , , , , ,

Related Posts

CISO Burnout – Epidemic, Endemic, or Simply Inevitable? CISO Burnout – Epidemic, Endemic, or Simply Inevitable? Security Week News
Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks Security Week News
Arch Linux Project Responding to Week-Long DDoS Attack Arch Linux Project Responding to Week-Long DDoS Attack Security Week News
Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US Security Week News
Dior Says Personal Information Stolen in Cyberattack Dior Says Personal Information Stolen in Cyberattack Security Week News
Varonis Acquires AllTrue.ai to Enhance AI Security Varonis Acquires AllTrue.ai to Enhance AI Security Security Week News