Description
In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
Published: 2026-06-25
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AzeoTech DAQFactory versions 21.1 and earlier contain a use‑after‑free flaw that can be triggered by parsing specially crafted .ctl files. This exploitable weakness – identified as CWE‑416 – allows an attacker to execute arbitrary code within the context of DAQFactory, potentially taking full control of the affected system. The primary impact is the loss of confidentiality, integrity, and availability of the device and the data it processes.

Affected Systems

The vulnerability affects AzeoTech DAQFactory product lines. Clients running version 21.1 or any earlier release are vulnerable; newer releases are not impacted as documented by the CNA.

Risk and Exploitability

The vulnerability is rated with a CVSS score of 8.4, indicating high severity. EPSS data is not available, so the exact exploitation probability cannot be quantified, but the lack of KEV listing suggests no confirmed exploitation yet. The likely attack vector involves delivering a malicious .ctl file—either locally or through an untrusted network channel—leading to code execution at the user’s privilege level.

Generated by OpenCVE AI on June 25, 2026 at 19:24 UTC.

Remediation

Vendor Workaround

* Users are discouraged from using documents from unknown/untrusted sources. * Users are encouraged to store .ctl files in a folder only writeable by admin-level users. * Users are encouraged to operate in “Safe Mode” when loading documents that have been out of their control. * Users are encouraged to apply a document editing password to their documents.

OpenCVE Recommended Actions

  • Confirm you are running DAQFactory version 21.1 or earlier; if so, seek a vendor patch or upgrade to a newer release.
  • Store all .ctl files in a protected folder that is writable only by administrators.
  • Whenever you open documents from unknown or untrusted sources, run the application in Safe Mode and protect the documents with an editing password.

Generated by OpenCVE AI on June 25, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Azeotech
Azeotech daqfactory
Vendors & Products Azeotech
Azeotech daqfactory

Thu, 25 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
Title Use after free in AzeoTech DAQFactory
Weaknesses CWE-416
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Azeotech Daqfactory
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-25T18:31:02.699Z

Reserved: 2026-06-22T16:34:48.169Z

Link: CVE-2026-12921

cve-icon Vulnrichment

Updated: 2026-06-25T18:30:56.388Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T21:15:05Z

Weaknesses