AzeoTech DAQFactory CVE-2025-66590
Severity by source: HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
In AzeoTech DAQFactory release 20.7 (Build 2555), an out-of-bounds write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.
Analysis (AI)
Out-of-bounds write in AzeoTech DAQFactory release 20.7 (Build 2555) enables arbitrary code execution or denial of service when a local user opens or interacts with attacker-supplied content. The flaw was reported through CISA ICS-CERT and disclosed in ICS advisory ICSA-25-345-03, indicating ICS/SCADA operational technology impact. No public exploit was identified at time of analysis, and no CISA KEV listing exists.
Technical Context (AI)
DAQFactory is a Windows-based HMI/SCADA application from AzeoTech used for data acquisition, instrument control, and operator interfaces in industrial environments, identified by CPE cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*. The root cause is CWE-787 (Out-of-bounds Write), a memory-safety defect in which the application writes data past the boundary of an allocated buffer - typically due to missing or incorrect length validation when parsing project files, configuration data, or external input. Out-of-bounds writes in native HMI code can corrupt adjacent heap or stack structures, enabling control-flow hijack and arbitrary code execution in the security context of the operator running DAQFactory, which on engineering workstations is often a privileged Windows account with access to the control network.
Remediation (AI)
No vendor-released patch was identified in the supplied references at time of analysis. Consult CISA advisory ICSA-25-345-03 (https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03) and the AzeoTech vendor page for an updated DAQFactory build superseding 20.7 (Build 2555), and apply it on all engineering workstations and HMIs. Until a fix is installed, restrict DAQFactory workstations to a segmented OT/control-system network behind a firewall, block inbound internet access and email/web browsing on those hosts to reduce malicious file delivery (trade-off: operators must transfer files via controlled removable media or jump hosts), and open DAQFactory project (.ctl) and configuration files only from trusted, integrity-verified sources. Enforce least-privilege Windows accounts for operators so that a successful exploit does not yield SYSTEM, and enable application allow-listing and exploit mitigations (Windows Defender Exploit Guard, ASLR/CFG enforcement) on HMI hosts to raise the cost of memory-corruption exploitation.
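One way to enforce the "integrity-verified sources" step for transferred .ctl files is a hash allow-list check before anything is opened in DAQFactory. This is an added example, not AzeoTech or CISA tooling; it assumes the project owner publishes a `sha256sum`-style manifest, and the function names are hypothetical.

```python
# Added example: manifest format, function names and sample files are assumptions/constructed.
import hashlib
import hmac
import re
import tempfile
from pathlib import Path, PureWindowsPath

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large project files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <name>') into {lowercase name: digest}."""
    manifest = {}
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) != 2 or not re.fullmatch(r"[0-9a-fA-F]{64}", parts[0]):
            raise ValueError(f"manifest line {n} is malformed")
        # Windows names are case-insensitive; key on the lowered base name only.
        name = PureWindowsPath(parts[1].strip().lstrip("*")).name.lower()
        manifest[name] = parts[0].lower()
    return manifest

def verify_transfer(directory, manifest):
    """Return {file name: 'ok' | 'unlisted' | 'mismatch'} for each .ctl file found."""
    results = {}
    for p in sorted(Path(directory).iterdir()):
        if not (p.is_file() and p.suffix.lower() == ".ctl"):
            continue
        expected = manifest.get(p.name.lower())
        if expected is None:
            results[p.name] = "unlisted"   # never approved: do not open
        elif hmac.compare_digest(sha256_file(p), expected):
            results[p.name] = "ok"
        else:
            results[p.name] = "mismatch"   # changed since approval: do not open
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "line1.ctl").write_bytes(b"constructed project A")
        Path(d, "new.ctl").write_bytes(b"constructed project B")
        m = load_manifest(hashlib.sha256(b"constructed project A").hexdigest() + "  Line1.ctl\n")
        print(verify_transfer(d, m))
```

The manifest has to reach the workstation over a channel separate from the project files themselves, otherwise whoever alters a file can alter its listed hash as well.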