
AzeoTech DAQFactory CVE-2025-66590

HIGH 8.4 (CVSS 4.0 · NVD)
Out-of-bounds Write (CWE-787)
2025-12-11 ics-cert@hq.dhs.gov

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: A
Scope: X

Lifecycle Timeline

Analysis Generated · Jun 04, 2026 - 21:31 · vuln.today

Description (CVE.org)

In AzeoTech DAQFactory release 20.7 (Build 2555), an out-of-bounds write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.

Analysis (AI)

An out-of-bounds write in AzeoTech DAQFactory release 20.7 (Build 2555) enables arbitrary code execution or denial of service when a local user opens or interacts with attacker-supplied content. The flaw was reported through CISA ICS-CERT and disclosed in ICS advisory ICSA-25-345-03, indicating ICS/SCADA operational technology impact. No public exploit was identified at the time of analysis, and the CVE is not listed in CISA KEV.

Technical Context (AI)

DAQFactory is a Windows-based HMI/SCADA application from AzeoTech used for data acquisition, instrument control, and operator interfaces in industrial environments, identified by CPE cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*. The root cause is CWE-787 (Out-of-bounds Write), a memory-safety defect in which the application writes data past the boundary of an allocated buffer - typically due to missing or incorrect length validation when parsing project files, configuration data, or external input. Out-of-bounds writes in native HMI code can corrupt adjacent heap or stack structures, enabling control-flow hijack and arbitrary code execution in the security context of the operator running DAQFactory, which on engineering workstations is often a privileged Windows account with access to the control network.

Remediation (AI)

No vendor-released patch was identified in the supplied references at the time of analysis. Consult CISA advisory ICSA-25-345-03 (https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03) and the AzeoTech vendor page for an updated DAQFactory build superseding 20.7 (Build 2555), and apply it on all engineering workstations and HMIs.

Until a fix is installed, restrict DAQFactory workstations to a segmented OT/control-system network behind a firewall, block inbound internet access and email/web browsing on those hosts to reduce malicious file delivery (trade-off: operators must transfer files via controlled removable media or jump hosts), and only open DAQFactory project (.ctl) and configuration files from trusted, integrity-verified sources. Enforce least-privilege Windows accounts for operators so a successful exploit does not yield SYSTEM, and enable application allow-listing and exploit mitigations (Windows Defender Exploit Guard, ASLR/CFG enforcement) on HMI hosts to raise the cost of memory-corruption exploitation.
