Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking

Posted on By CWS

A number of vulnerabilities patched just lately by Fuji Electrical in its V-SFT product could possibly be exploited by menace actors to achieve entry to the methods of commercial organizations.

Fuji Electrical (Hakko Digital) V-SFT is a configuration and growth software program for human-machine interfaces (HMIs). Organizations within the manufacturing and different industrial sectors use it to create and handle consumer interfaces for Fuji Electrical’s Monitouch sequence HMIs, that are broadly used around the globe.

Cybersecurity researcher Michael Heinzl found that V-SFT is affected by a number of vulnerabilities, together with ones that may result in data disclosure or arbitrary code execution on the system working the software program. 

An attacker would wish to make use of social engineering to trick a V-SFT consumer on the focused group into opening a malicious undertaking file, which ends up in arbitrary code execution with the sufferer’s privileges. This may permit the hacker to take management of the system, Heinzl informed SecurityWeek. 

Heinzl has printed his personal advisories for every of the V-SFT vulnerabilities. 

“The difficulty outcomes from the dearth of correct validation of user-supplied information, which may end up in a learn previous the tip of an allotted information construction,” the researcher defined.

The Japanese electrical gear firm has launched patches (model 6.2.9.0), and Japan’s JPCERT just lately printed an advisory to tell organizations concerning the vulnerabilities. 

Nonetheless, JPCERT’s advisory comprises little data on potential impression, and Fuji’s launch notes don’t seem to say any safety fixes. Commercial. Scroll to proceed studying.

The researcher informed SecurityWeek that it took the seller roughly 4 months to launch patches after being notified. A earlier batch of V-SFT vulnerabilities discovered by Heinzl took roughly 9 months to deal with. 

In complete, greater than 20 safety holes found by Heinzl have been patched by Fuji Electrical in its HMI programmer in current months. 

Associated: ICS Patch Tuesday: Fixes Introduced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact

Associated: Radiflow Unveils New OT Safety Platform

Associated: Many Assaults Geared toward EU Focused OT, Says Cybersecurity Company

Security Week News Tags:, , , , , , , ,

Related Posts

Train Hack Gets Proper Attention After 20 Years: Researcher  Train Hack Gets Proper Attention After 20 Years: Researcher  Security Week News
PromptLock Only PoC, but AI-Powered Ransomware Is Real PromptLock Only PoC, but AI-Powered Ransomware Is Real Security Week News
Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US Security Week News
Claude Mythos: A Revolutionary AI Model with Cybersecurity Implications Claude Mythos: A Revolutionary AI Model with Cybersecurity Implications Security Week News
Rilian Secures .5 Million to Enhance AI Security Solutions Rilian Secures $17.5 Million to Enhance AI Security Solutions Security Week News
Data Breach at Debt Settlement Firm Impacts 160,000 People Data Breach at Debt Settlement Firm Impacts 160,000 People Security Week News