Refine your search
14 vulnerabilities found for daqfactory by azeotech
CVE-2025-66590 (GCVE-0-2025-66590)
Vulnerability from nvd
Published
2025-12-11 20:45
Modified
2025-12-12 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T21:37:03.207098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:37:29.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
},
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:46:20.835Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66590",
"datePublished": "2025-12-11T20:45:55.130Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-12T21:37:29.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66589 (GCVE-0-2025-66589)
Vulnerability from nvd
Published
2025-12-11 20:48
Modified
2025-12-17 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:26.723222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:19.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
},
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:35:21.005Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66589",
"datePublished": "2025-12-11T20:48:47.912Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-17T20:35:21.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66588 (GCVE-0-2025-66588)
Vulnerability from nvd
Published
2025-12-11 20:50
Modified
2025-12-15 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:24.632115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:13.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.\u003c/p\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:50:39.132Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Uninitialized Pointer vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66588",
"datePublished": "2025-12-11T20:50:39.132Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:13.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66587 (GCVE-0-2025-66587)
Vulnerability from nvd
Published
2025-12-11 20:53
Modified
2025-12-15 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:22.433215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:07.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:53:08.409Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66587",
"datePublished": "2025-12-11T20:53:08.409Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:07.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66586 (GCVE-0-2025-66586)
Vulnerability from nvd
Published
2025-12-11 20:54
Modified
2025-12-15 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:20.298251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:01.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:54:38.739Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66586",
"datePublished": "2025-12-11T20:54:38.739Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:01.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66585 (GCVE-0-2025-66585)
Vulnerability from nvd
Published
2025-12-11 20:56
Modified
2025-12-15 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:17.593175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:55.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
},
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:56:16.101Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use After Free vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66585",
"datePublished": "2025-12-11T20:56:16.101Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:33:55.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66584 (GCVE-0-2025-66584)
Vulnerability from nvd
Published
2025-12-11 20:58
Modified
2025-12-15 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:15.211292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:49.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:58:53.846Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66584",
"datePublished": "2025-12-11T20:58:53.846Z",
"dateReserved": "2025-12-04T21:11:02.200Z",
"dateUpdated": "2025-12-15T20:33:49.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66584 (GCVE-0-2025-66584)
Vulnerability from cvelistv5
Published
2025-12-11 20:58
Modified
2025-12-15 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:15.211292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:49.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:58:53.846Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66584",
"datePublished": "2025-12-11T20:58:53.846Z",
"dateReserved": "2025-12-04T21:11:02.200Z",
"dateUpdated": "2025-12-15T20:33:49.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66585 (GCVE-0-2025-66585)
Vulnerability from cvelistv5
Published
2025-12-11 20:56
Modified
2025-12-15 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:17.593175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:55.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
},
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:56:16.101Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use After Free vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66585",
"datePublished": "2025-12-11T20:56:16.101Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:33:55.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66586 (GCVE-0-2025-66586)
Vulnerability from cvelistv5
Published
2025-12-11 20:54
Modified
2025-12-15 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:20.298251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:01.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:54:38.739Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66586",
"datePublished": "2025-12-11T20:54:38.739Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:01.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66587 (GCVE-0-2025-66587)
Vulnerability from cvelistv5
Published
2025-12-11 20:53
Modified
2025-12-15 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:22.433215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:07.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:53:08.409Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66587",
"datePublished": "2025-12-11T20:53:08.409Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:07.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66588 (GCVE-0-2025-66588)
Vulnerability from cvelistv5
Published
2025-12-11 20:50
Modified
2025-12-15 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:24.632115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:13.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.\u003c/p\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:50:39.132Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Uninitialized Pointer vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66588",
"datePublished": "2025-12-11T20:50:39.132Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:13.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66589 (GCVE-0-2025-66589)
Vulnerability from cvelistv5
Published
2025-12-11 20:48
Modified
2025-12-17 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:26.723222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:19.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
},
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:35:21.005Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66589",
"datePublished": "2025-12-11T20:48:47.912Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-17T20:35:21.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66590 (GCVE-0-2025-66590)
Vulnerability from cvelistv5
Published
2025-12-11 20:45
Modified
2025-12-12 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T21:37:03.207098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:37:29.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
},
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:46:20.835Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66590",
"datePublished": "2025-12-11T20:45:55.130Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-12T21:37:29.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}