Primary

Context

AzeoTech DAQFactory Out-of-Bounds Read Vulnerability Allowing Information Disclosure or System Crash

Vulnerability

Patched

AzeoTech DAQFactory versions through 20.7 (Build 2555) contain an out-of-bounds read vulnerability. This issue can be exploited to read data beyond the allocated buffer, potentially leading to information disclosure or causing the application to crash.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure or a system crash.

Remediation

AzeoTech has released DAQFactory version 21.1 to address this vulnerability. Users are also advised to avoid using documents from untrusted sources, store .ctl files in admin-only writable folders, operate in 'Safe Mode' with uncontrolled documents, and apply document editing passwords. CISA recommends minimizing network exposure for control system devices, using firewalls, and when remote access is necessary, employing secure methods like VPNs.

Added: Dec 11, 2025, 9:18 PM

Updated: Dec 11, 2025, 9:18 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

3.1

exploitability

7.8

remediation

7.9

relevance

1.3

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

3.1

exploitability

7.8

remediation

7.9

relevance

1.3

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AzeoTech DAQFactory Out-of-Bounds Read Vulnerability Allowing Information Disclosure or System Crash

Vulnerability

Impact

Remediation

Affected Products

AzeoTech DAQFactory

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating