Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking

Fuji Electric has released patches and Japan’s JPCERT has informed organizations about the vulnerabilities. The post Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking appeared first on SecurityWeek.

Several vulnerabilities patched recently by Fuji Electric in its V-SFT product could be exploited by threat actors to gain access to the systems of industrial organizations.

Fuji Electric (Hakko Electronic) V-SFT is configuration and development software for human-machine interfaces (HMIs). Organizations in the manufacturing and other industrial sectors use it to create and manage user interfaces for Fuji Electric’s Monitouch series HMIs, which are widely used around the world.

Cybersecurity researcher Michael Heinzl discovered that V-SFT is affected by several vulnerabilities, including ones that can lead to information disclosure or arbitrary code execution on the system running the software. 

An attacker would need to use social engineering to trick a V-SFT user at the targeted organization into opening a malicious project file, which results in arbitrary code execution with the victim’s privileges. This can allow the hacker to take control of the system, Heinzl told SecurityWeek.

Heinzl has published his own advisories for each of the V-SFT vulnerabilities. 

“The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure,” the researcher explained.

The Japanese electrical equipment company has released patches (version 6.2.9.0), and Japan’s JPCERT recently published an advisory to inform organizations about the vulnerabilities. 

However, JPCERT’s advisory contains little information on potential impact, and Fuji’s release notes do not appear to mention any security fixes. 

The researcher told SecurityWeek that it took the vendor roughly four months to release patches after being notified. A previous batch of V-SFT vulnerabilities found by Heinzl took approximately nine months to address. 

In total, more than 20 security holes discovered by Heinzl were patched by Fuji Electric in its HMI programmer in recent months. 

Publisher: CYBERNEWSMEDIA