ICSA-25-308-01 · Published 2025-12-16 · View on CISA ICS-CERT ↗

Fuji Electric Monitouch V-SFT-6 (Update A)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution.

CVE-2025-54496 CVE-2025-54526 CVE-2025-53524

Fuji Electric has addressed these vulnerabilities in their October release (V-SFT V6.2.8.0). They recommend users update to V6.2.9.0 or newer.
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Fuji Electric

Fuji Electric · Fuji Electric Monitouch V-SFT-6 6.2.7.0

Critical Manufacturing

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.