Primary

Context

AzeoTech DAQFactory Memory Corruption Vulnerability in .ctl File Parsing Allowing Code Execution

Vulnerability

Patched

A memory corruption vulnerability has been identified in AzeoTech DAQFactory release 20.7 (Build 2555) and prior. The issue arises while the application parses specially crafted .ctl files, leading to out-of-bounds write and read vulnerabilities. This memory corruption could allow an attacker to execute arbitrary code in the context of the current process.

Impact

Exploitation of this vulnerability could lead to memory corruption, allowing for arbitrary code execution in the context of the current process.

Remediation

AzeoTech has released an update to address these vulnerabilities in DAQFactory version 21.1. Users are also advised to store .ctl files in a folder only writable by admin-level users, operate in 'Safe Mode' when loading documents that have been out of their control, and apply a document editing password to their documents.

Added: Dec 11, 2025, 9:19 PM

Updated: Dec 11, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

7.8

remediation

7.9

relevance

1.4

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

7.8

remediation

7.9

relevance

1.4

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AzeoTech DAQFactory Memory Corruption Vulnerability in .ctl File Parsing Allowing Code Execution

Vulnerability

Impact

Remediation

Affected Products

AzeoTech DAQFactory

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating