AzeoTech DAQFactory Out-of-Bounds Write Vulnerability Leading to Arbitrary Code Execution

Vulnerability

A memory corruption vulnerability allowing an out-of-bounds write has been identified in AzeoTech DAQFactory version 20.7 (Build 2555) and prior. An attacker can exploit it to write data beyond the allocated memory buffer, potentially leading to arbitrary code execution or causing the application to crash. Exploitation requires uploading a malicious .ctl file.

Impact

Exploitation of this vulnerability could result in arbitrary code execution or a system crash.

Remediation

AzeoTech has released an update to address this vulnerability in DAQFactory version 21.1. Users are also advised to store .ctl files in a folder only writable by admin-level users, operate in 'Safe Mode' when handling documents that have been out of their control, and apply a document editing password to their files.
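
The first workaround above can be checked mechanically. The PowerShell below is an added example, not AzeoTech's or this page's code: it lists every principal other than SYSTEM and BUILTIN\Administrators that holds write-type rights on the folder holding .ctl documents or on any .ctl file under it. The folder path is a placeholder, and treating only those two well-known SIDs as "admin-level" is an assumption.

```powershell
param(
    # Assumption: placeholder path; set it to the folder that holds your .ctl documents.
    [string]$CtlFolder = 'C:\PLACEHOLDER\daqfactory-documents'
)

# Assumption: "admin-level" means these well-known SIDs (SYSTEM, BUILTIN\Administrators).
$AdminSids = @('S-1-5-18', 'S-1-5-32-544')

# Rights that let a principal create, change or replace a file, or rewrite its ACL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherited ACEs can carry raw generic rights instead: GENERIC_WRITE | GENERIC_ALL.
$GenericWrite = 0x40000000 -bor 0x10000000

function Get-NonAdminWriter {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        if (-not (($rights -band $WriteMask) -or ($rights -band $GenericWrite))) { continue }
        $sid = $ace.IdentityReference
        if ($AdminSids -contains $sid.Value) { continue }
        # Orphaned SIDs cannot be translated; report the raw SID in that case.
        try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the folder itself (who can drop or replace files) and every .ctl file in it.
$targets = @($CtlFolder) + @(Get-ChildItem -LiteralPath $CtlFolder -Filter '*.ctl' -File -Recurse |
    ForEach-Object { $_.FullName })
$findings = @($targets | ForEach-Object { Get-NonAdminWriter -Path $_ })

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    exit 1
}
'No write access for non-admin principals found.'
```

Rows marked as inherited have to be fixed on the parent folder or by disabling inheritance on the document folder; the script only reads ACLs and changes nothing.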

Added: Dec 11, 2025, 9:17 PM
Updated: Dec 11, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 10.0
exploitability: 7.8
remediation: 7.9
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.