Search criteria
50 vulnerabilities found for daqfactory by azeotech
CVE-2025-66590 (GCVE-0-2025-66590)
Vulnerability from nvd – Published: 2025-12-11 20:45 – Updated: 2025-12-12 21:37
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
Michael Heinzl
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T21:37:03.207098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:37:29.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
},
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:46:20.835Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66590",
"datePublished": "2025-12-11T20:45:55.130Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-12T21:37:29.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66589 (GCVE-0-2025-66589)
Vulnerability from nvd – Published: 2025-12-11 20:48 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
Michael Heinzl
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:26.723222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:19.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:48:47.912Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66589",
"datePublished": "2025-12-11T20:48:47.912Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:19.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66588 (GCVE-0-2025-66588)
Vulnerability from nvd – Published: 2025-12-11 20:50 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
Severity ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
Michael Heinzl
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:24.632115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:13.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.\u003c/p\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:50:39.132Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Uninitialized Pointer vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66588",
"datePublished": "2025-12-11T20:50:39.132Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:13.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66586 (GCVE-0-2025-66586)
Vulnerability from nvd – Published: 2025-12-11 20:54 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:20.298251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:01.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:54:38.739Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66586",
"datePublished": "2025-12-11T20:54:38.739Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:01.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66584 (GCVE-0-2025-66584)
Vulnerability from nvd – Published: 2025-12-11 20:58 – Updated: 2025-12-15 20:33
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:15.211292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:49.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:58:53.846Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66584",
"datePublished": "2025-12-11T20:58:53.846Z",
"dateReserved": "2025-12-04T21:11:02.200Z",
"dateUpdated": "2025-12-15T20:33:49.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66587 (GCVE-0-2025-66587)
Vulnerability from nvd – Published: 2025-12-11 20:53 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:22.433215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:07.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:53:08.409Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66587",
"datePublished": "2025-12-11T20:53:08.409Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:07.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66585 (GCVE-0-2025-66585)
Vulnerability from nvd – Published: 2025-12-11 20:56 – Updated: 2025-12-15 20:33
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
Michael Heinzl
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:17.593175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:55.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
},
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:56:16.101Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use After Free vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66585",
"datePublished": "2025-12-11T20:56:16.101Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:33:55.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42698 (GCVE-0-2021-42698)
Vulnerability from nvd – Published: 2021-11-05 15:39 – Updated: 2024-08-04 03:38
VLAI?
Summary
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.
Severity ?
7.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
All versions , ≤ New version
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "New version",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T15:39:34",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AzeoTech DAQFactory",
"workarounds": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42698",
"STATE": "PUBLIC",
"TITLE": "AzeoTech DAQFactory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAQFactory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All versions",
"version_value": "New version"
}
]
}
}
]
},
"vendor_name": "AzeoTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42698",
"datePublished": "2021-11-05T15:39:34",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66584 (GCVE-0-2025-66584)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:58 – Updated: 2025-12-15 20:33
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:15.211292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:49.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:58:53.846Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66584",
"datePublished": "2025-12-11T20:58:53.846Z",
"dateReserved": "2025-12-04T21:11:02.200Z",
"dateUpdated": "2025-12-15T20:33:49.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66585 (GCVE-0-2025-66585)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:56 – Updated: 2025-12-15 20:33
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
Michael Heinzl
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:17.593175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:33:55.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
},
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:56:16.101Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use After Free vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66585",
"datePublished": "2025-12-11T20:56:16.101Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:33:55.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66586 (GCVE-0-2025-66586)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:54 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:20.298251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:01.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:54:38.739Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66586",
"datePublished": "2025-12-11T20:54:38.739Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:01.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66587 (GCVE-0-2025-66587)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:53 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:22.433215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:07.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:53:08.409Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66587",
"datePublished": "2025-12-11T20:53:08.409Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:07.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66588 (GCVE-0-2025-66588)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:50 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
Severity ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
Michael Heinzl
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:24.632115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:13.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.\u003c/p\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:50:39.132Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Uninitialized Pointer vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66588",
"datePublished": "2025-12-11T20:50:39.132Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:13.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66589 (GCVE-0-2025-66589)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:48 – Updated: 2025-12-15 20:34
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
Michael Heinzl
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:26.723222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:19.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:48:47.912Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66589",
"datePublished": "2025-12-11T20:48:47.912Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-15T20:34:19.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66590 (GCVE-0-2025-66590)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:45 – Updated: 2025-12-12 21:37
VLAI?
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
|
Credits
Michael Heinzl
ZDI
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T21:37:03.207098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:37:29.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl"
},
{
"lang": "en",
"type": "finder",
"value": "ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:46:20.835Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66590",
"datePublished": "2025-12-11T20:45:55.130Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2025-12-12T21:37:29.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42698 (GCVE-0-2021-42698)
Vulnerability from cvelistv5 – Published: 2021-11-05 15:39 – Updated: 2024-08-04 03:38
VLAI?
Summary
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.
Severity ?
7.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
All versions , ≤ New version
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "New version",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T15:39:34",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AzeoTech DAQFactory",
"workarounds": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42698",
"STATE": "PUBLIC",
"TITLE": "AzeoTech DAQFactory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAQFactory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All versions",
"version_value": "New version"
}
]
}
}
]
},
"vendor_name": "AzeoTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42698",
"datePublished": "2021-11-05T15:39:34",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42701 (GCVE-0-2021-42701)
Vulnerability from cvelistv5 – Published: 2021-11-05 15:39 – Updated: 2024-08-04 03:38
VLAI?
Summary
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.
Severity ?
5 (Medium)
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
All versions , ≤ New version
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "New version",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T15:39:27",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AzeoTech DAQFactory",
"workarounds": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42701",
"STATE": "PUBLIC",
"TITLE": "AzeoTech DAQFactory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAQFactory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All versions",
"version_value": "New version"
}
]
}
}
]
},
"vendor_name": "AzeoTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-471 Modification of Assumed-Immutable Data (MAID)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42701",
"datePublished": "2021-11-05T15:39:27",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201109-0185
Vulnerability from variot - Updated: 2023-12-18 14:02Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034. AzeoTech DAQFactory is an HMI/SCADA software. When the DAQFactory runs on the UDP 20034 port, the maximum received NETB message is 0x400 bytes. AzeoTech DAQFactory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. DAQFactory 5.85 build 1853 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.77"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.72"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.82"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.71"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.74"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.40"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.39"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.73"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.70"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.38"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.80"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.34"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "4.10"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.02"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "4.00"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.11"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.37"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.0"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.09"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.31"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.83"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.0"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.03"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.04"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.03"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.84"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.35"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.75"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.05"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.78"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.11"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.12"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.05"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.10"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.10"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.32"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.55"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.53"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.51"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.5"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.85"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.52"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.36"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.79"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "4.11"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.15"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.76"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.30"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.33"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.01"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 0.8,
"vendor": "azeotech",
"version": "5.85 build 1853"
},
{
"model": "daqfactory azeotech daqfactory build",
"scope": "lte",
"trust": 0.6,
"vendor": "azeotech",
"version": "\u003c=5.851853"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "daqfactory",
"version": "5.83"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.51"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.55"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "4.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "4.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "4.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.33"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.35"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.36"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.37"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.38"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.39"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.70"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.71"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.72"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.74"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.75"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.76"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.77"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.78"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.79"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.80"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.82"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.84"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3660"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.83:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.82:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.85",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.78:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:4.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.84:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3492"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49606"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-187"
}
],
"trust": 0.9
},
"cve": "CVE-2011-3492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3492",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3492",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-265",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034. AzeoTech DAQFactory is an HMI/SCADA software. When the DAQFactory runs on the UDP 20034 port, the maximum received NETB message is 0x400 bytes. AzeoTech DAQFactory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. \nDAQFactory 5.85 build 1853 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"db": "CNVD",
"id": "CNVD-2011-3660"
},
{
"db": "BID",
"id": "49606"
},
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3492",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-02",
"trust": 2.4
},
{
"db": "BID",
"id": "49606",
"trust": 1.5
},
{
"db": "ICS CERT",
"id": "ICSA-11-264-01",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "75496",
"trust": 1.0
},
{
"db": "EXPLOIT-DB",
"id": "17855",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-3660",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002251",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201109-187",
"trust": 0.6
},
{
"db": "IVD",
"id": "60FF566E-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3660"
},
{
"db": "BID",
"id": "49606"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-187"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
]
},
"id": "VAR-201109-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3660"
}
],
"trust": 1.57867383
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3660"
}
]
},
"last_update_date": "2023-12-18T14:02:09.108000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.azeotech.com/index.php"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"db": "NVD",
"id": "CVE-2011-3492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-264-01.pdf"
},
{
"trust": 1.0,
"url": "http://osvdb.org/75496"
},
{
"trust": 1.0,
"url": "http://www.exploit-db.com/exploits/17855"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3492"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3492"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49606"
},
{
"trust": 0.3,
"url": "http://www.azeotech.com/index.php"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3660"
},
{
"db": "BID",
"id": "49606"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-187"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3660"
},
{
"db": "BID",
"id": "49606"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-187"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3660"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49606"
},
{
"date": "2011-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"date": "2011-09-16T14:28:13.073000",
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-187"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3660"
},
{
"date": "2011-09-22T16:00:00",
"db": "BID",
"id": "49606"
},
{
"date": "2011-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002251"
},
{
"date": "2017-08-29T01:30:12.850000",
"db": "NVD",
"id": "CVE-2011-3492"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-187"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-187"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AzeoTech DAQFactory NETB Data Frame Parsing Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3660"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "60ff566e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-187"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-265"
}
],
"trust": 1.4
}
}
VAR-201709-0615
Vulnerability from variot - Updated: 2023-12-18 13:57An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. AzeoTech DAQFactory Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. Versions prior to DAQFactory 17.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0615",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "lt",
"trust": 1.4,
"vendor": "azeotech",
"version": "17.1"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "16.3"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.9,
"vendor": "azeotech",
"version": "16.3"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.91"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.90"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.86"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.85"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.84"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.83"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "16.2"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "16.1"
},
{
"model": "daqfactory",
"scope": "ne",
"trust": 0.3,
"vendor": "azeotech",
"version": "17.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100522"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5147",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-23888",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "93aca8ed-db66-4e65-9918-6da112ded248",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-5147",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5147",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23888",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-088",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. AzeoTech DAQFactory Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory is prone to multiple security vulnerabilities. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. \nVersions prior to DAQFactory 17.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5147",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-241-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100522",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23888",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912",
"trust": 0.8
},
{
"db": "IVD",
"id": "93ACA8ED-DB66-4E65-9918-6DA112DED248",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"id": "VAR-201709-0615",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
}
],
"trust": 1.35734766
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
}
]
},
"last_update_date": "2023-12-18T13:57:16.166000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.azeotech.com/daqfactory.php"
},
{
"title": "AzeoTech DAQFactory Uncontrolled Search Path Element Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101183"
},
{
"title": "AzeoTech DAQFactory Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74543"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "NVD",
"id": "CVE-2017-5147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100522"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5147"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5147"
},
{
"trust": 0.3,
"url": "http://www.azeotech.com/index.php"
},
{
"trust": 0.3,
"url": "https://www.azeotech.com/j/revision-history.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100522"
},
{
"date": "2017-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"date": "2017-09-09T01:29:02.847000",
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23888"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100522"
},
{
"date": "2017-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007912"
},
{
"date": "2019-10-09T23:28:11.947000",
"db": "NVD",
"id": "CVE-2017-5147"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AzeoTech DAQFactory Uncontrolled search path element vulnerability",
"sources": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNVD",
"id": "CNVD-2017-23888"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "93aca8ed-db66-4e65-9918-6da112ded248"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-088"
}
],
"trust": 0.8
}
}
VAR-201709-1004
Vulnerability from variot - Updated: 2023-12-18 13:57An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. AzeoTech DAQFactory Contains a permission vulnerability.Information may be obtained and information may be altered. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory has an unauthorized modification vulnerability that can be replaced or modified by a local non-administrative user. AzeoTech DAQFactory is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. Versions prior to DAQFactory 17.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "lt",
"trust": 1.4,
"vendor": "azeotech",
"version": "17.1"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "16.3"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.9,
"vendor": "azeotech",
"version": "16.3"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.91"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.90"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.86"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.85"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.84"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.83"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "16.2"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "16.1"
},
{
"model": "daqfactory",
"scope": "ne",
"trust": 0.3,
"vendor": "azeotech",
"version": "17.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12699"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100522"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12699",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-23889",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12699",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12699",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23889",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. AzeoTech DAQFactory Contains a permission vulnerability.Information may be obtained and information may be altered. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory has an unauthorized modification vulnerability that can be replaced or modified by a local non-administrative user. AzeoTech DAQFactory is prone to multiple security vulnerabilities. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. \nVersions prior to DAQFactory 17.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12699",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-241-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100522",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23889",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995",
"trust": 0.8
},
{
"db": "IVD",
"id": "3EB14E05-8B6E-4072-B09A-1FA9B86F3B73",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"id": "VAR-201709-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
}
],
"trust": 1.35734766
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
}
]
},
"last_update_date": "2023-12-18T13:57:16.200000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.azeotech.com/daqfactory.php"
},
{
"title": "AzeoTech DAQFactory is not authorized to modify the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101184"
},
{
"title": "AzeoTech DAQFactory Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74542"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.0
},
{
"problemtype": "CWE-275",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100522"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12699"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12699"
},
{
"trust": 0.3,
"url": "http://www.azeotech.com/index.php"
},
{
"trust": 0.3,
"url": "https://www.azeotech.com/j/revision-history.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100522"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"date": "2017-09-09T01:29:02.363000",
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100522"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"date": "2019-10-09T23:23:09.810000",
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AzeoTech DAQFactory Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
],
"trust": 0.6
}
}
VAR-201107-0256
Vulnerability from variot - Updated: 2023-12-18 13:49AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. ( System restart or shutdown ) There is a vulnerability that becomes a condition.Service disruption via a signal by a third party ( System restart or shutdown ) There is a possibility of being put into a state. AzeoTech DAQFactory is a complete system solution that embraces data acquisition, process control and data analysis. AzeoTech DAQFactory has a denial of service vulnerability that a malicious attacker can use to cause a denial of service. AzeoTech DAQFactory is prone to a denial-of-service vulnerability. Versions prior to DAQFactory 5.85 are vulnerable. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242
TITLE: AzeoTech DAQFactory Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA45633
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45633/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45633
RELEASE DATE: 2011-08-23
DISCUSS ADVISORY: http://secunia.com/advisories/45633/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45633/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45633
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in AzeoTech DAQFactory, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error related to certain network features and can be exploited to cause a crash.
SOLUTION: Update to version 5.85 build 1842.
PROVIDED AND/OR DISCOVERED BY: nSense via ICS-CERT.
ORIGINAL ADVISORY: AzeoTech: http://www.azeotech.com/revisionhistory.php
ISC-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201107-0256",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "4.10"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "4.00"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.0"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "3.10"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "3.55"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "3.53"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "3.52"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "4.11"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.6,
"vendor": "azeotech",
"version": "5.01"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.84"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.77"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.80"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.34"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.02"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.11"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.72"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.37"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.09"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.31"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.83"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.82"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.0"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.03"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.04"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.71"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.74"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.03"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.35"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.75"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.05"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.40"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.78"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.11"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.12"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.05"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.10"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.39"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.32"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.51"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "3.5"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.73"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.36"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.70"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.79"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.15"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.76"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.30"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.33"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "5.38"
},
{
"model": "daqfactory",
"scope": "lt",
"trust": 0.8,
"vendor": "azeotech",
"version": "5.85 (build 1842)"
},
{
"model": "daqfactory build",
"scope": "lt",
"trust": 0.6,
"vendor": "azeotech",
"version": "5.851842"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.6,
"vendor": "azeotech",
"version": "5.84"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "daqfactory",
"version": "5.83"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.51"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "3.55"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "4.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "4.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "4.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.33"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.35"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.36"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.37"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.38"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.39"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.70"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.71"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.72"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.74"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.75"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.76"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.77"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.78"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.79"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.80"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "5.82"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:4.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.78:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.84",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.82:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.83:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:3.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2956"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Knud Erik H\u00f8jgaard of nsense.",
"sources": [
{
"db": "BID",
"id": "48955"
}
],
"trust": 0.3
},
"cve": "CVE-2011-2956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-2956",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "c29256d6-2354-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-2956",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201107-432",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. ( System restart or shutdown ) There is a vulnerability that becomes a condition.Service disruption via a signal by a third party ( System restart or shutdown ) There is a possibility of being put into a state. AzeoTech DAQFactory is a complete system solution that embraces data acquisition, process control and data analysis. AzeoTech DAQFactory has a denial of service vulnerability that a malicious attacker can use to cause a denial of service. AzeoTech DAQFactory is prone to a denial-of-service vulnerability. \nVersions prior to DAQFactory 5.85 are vulnerable. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nAzeoTech DAQFactory Unspecified Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45633\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45633/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45633\n\nRELEASE DATE:\n2011-08-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45633/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45633/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45633\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in AzeoTech DAQFactory, which can\nbe exploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an unspecified error related to\ncertain network features and can be exploited to cause a crash. \n\nSOLUTION:\nUpdate to version 5.85 build 1842. \n\nPROVIDED AND/OR DISCOVERED BY:\nnSense via ICS-CERT. \n\nORIGINAL ADVISORY:\nAzeoTech:\nhttp://www.azeotech.com/revisionhistory.php\n\nISC-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"db": "BID",
"id": "48955"
},
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "104369"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-2956",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-11-122-01",
"trust": 2.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3322",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "45633",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485",
"trust": 0.8
},
{
"db": "BID",
"id": "48955",
"trust": 0.3
},
{
"db": "IVD",
"id": "C29256D6-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "104369",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"db": "BID",
"id": "48955"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "PACKETSTORM",
"id": "104369"
},
{
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"id": "VAR-201107-0256",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3322"
}
],
"trust": 1.35734766
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3322"
}
]
},
"last_update_date": "2023-12-18T13:49:15.172000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.azeotech.com/daqfactory.php"
},
{
"title": "AzeoTech DAQFactory denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4868"
},
{
"title": "DAQFactoryR5Inst",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "NVD",
"id": "CVE-2011-2956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-122-01.pdf"
},
{
"trust": 2.0,
"url": "http://www.azeotech.com/revisionhistory.php"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2956"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2956"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/45633/"
},
{
"trust": 0.3,
"url": "http://www.azeotech.com/index.php"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2011/oct/532"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45633"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/242"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45633/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"db": "BID",
"id": "48955"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "PACKETSTORM",
"id": "104369"
},
{
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"db": "BID",
"id": "48955"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"db": "PACKETSTORM",
"id": "104369"
},
{
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-24T00:00:00",
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-08-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"date": "2011-06-24T00:00:00",
"db": "BID",
"id": "48955"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"date": "2011-08-23T12:11:05",
"db": "PACKETSTORM",
"id": "104369"
},
{
"date": "2011-07-28T18:55:03.250000",
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"date": "2011-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"date": "2011-10-12T23:30:00",
"db": "BID",
"id": "48955"
},
{
"date": "2011-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003485"
},
{
"date": "2011-07-29T04:00:00",
"db": "NVD",
"id": "CVE-2011-2956"
},
{
"date": "2011-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AzeoTech DAQFactory Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "c29256d6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3322"
},
{
"db": "BID",
"id": "48955"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201107-432"
}
],
"trust": 0.6
}
}
VAR-202111-0149
Vulnerability from variot - Updated: 2023-12-18 13:22The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. DAQFactory There are vulnerabilities in the use of inherently dangerous features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications.
DAQFactory 18.1 Build 2347 and earlier have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory",
"scope": null,
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory build",
"scope": "lte",
"trust": 0.6,
"vendor": "azeotech",
"version": "\u003c=18.12347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85895"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "NVD",
"id": "CVE-2021-42543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42543"
}
]
},
"cve": "CVE-2021-42543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-42543",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-85895",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-003934",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-42543",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-42543",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-85895",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-467",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85895"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. DAQFactory There are vulnerabilities in the use of inherently dangerous features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications. \n\r\n\r\nDAQFactory 18.1 Build 2347 and earlier have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "CNVD",
"id": "CNVD-2021-85895"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-21-308-02",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2021-42543",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91156086",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003934",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-85895",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3696",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110801",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-467",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85895"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
]
},
"id": "VAR-202111-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85895"
}
],
"trust": 1.1573476600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85895"
}
]
},
"last_update_date": "2023-12-18T13:22:41.495000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.azeotech.com/j/index.php"
},
{
"title": "AzeoTech DAQFactory Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169057"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-242",
"trust": 1.0
},
{
"problemtype": "Use of inherently dangerous features (CWE-242) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "NVD",
"id": "CVE-2021-42543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91156086/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3696"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110801"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85895"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-85895"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85895"
},
{
"date": "2021-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"date": "2021-11-05T16:15:07.757000",
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"date": "2021-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85895"
},
{
"date": "2021-11-10T09:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-003934"
},
{
"date": "2021-11-08T21:41:09.410000",
"db": "NVD",
"id": "CVE-2021-42543"
},
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DAQFactory\u00a0 Vulnerability in using inherently dangerous features in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003934"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-467"
}
],
"trust": 0.6
}
}
VAR-202111-0012
Vulnerability from variot - Updated: 2023-12-18 13:22An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account. DAQFactory There is a vulnerability in data modification that is supposed to be immutable.Information may be obtained and information may be tampered with. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications.
A man-in-the-middle attack vulnerability exists in DAQFactory 18.1 Build 2347 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory",
"scope": null,
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory build",
"scope": "lte",
"trust": 0.6,
"vendor": "azeotech",
"version": "\u003c=18.12347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "NVD",
"id": "CVE-2021-42701"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42701"
}
]
},
"cve": "CVE-2021-42701",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-42701",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-85892",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42701",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-42701",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-42701",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-85892",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-468",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account. DAQFactory There is a vulnerability in data modification that is supposed to be immutable.Information may be obtained and information may be tampered with. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications. \n\r\n\r\nA man-in-the-middle attack vulnerability exists in DAQFactory 18.1 Build 2347 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "CNVD",
"id": "CNVD-2021-85892"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-21-308-02",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2021-42701",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91156086",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003935",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-85892",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3696",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110801",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-468",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
]
},
"id": "VAR-202111-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85892"
}
],
"trust": 1.1573476600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85892"
}
]
},
"last_update_date": "2023-12-18T13:22:41.422000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.azeotech.com/j/index.php"
},
{
"title": "AzeoTech DAQFactory Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169058"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-471",
"trust": 1.0
},
{
"problemtype": "Data changes that are assumed to be immutable (CWE-471) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "NVD",
"id": "CVE-2021-42701"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91156086/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42701"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3696"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110801"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-85892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85892"
},
{
"date": "2021-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"date": "2021-11-05T16:15:07.947000",
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"date": "2021-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85892"
},
{
"date": "2021-11-10T09:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-003935"
},
{
"date": "2021-11-09T14:48:11.030000",
"db": "NVD",
"id": "CVE-2021-42701"
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DAQFactory\u00a0 Vulnerability in data modification that is assumed to be immutable in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003935"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-468"
}
],
"trust": 0.6
}
}
VAR-202111-0058
Vulnerability from variot - Updated: 2023-12-18 13:22Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory. DAQFactory There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications.
A deserialization vulnerability exists in DAQFactory 18.1 Build 2347 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory",
"scope": null,
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory build",
"scope": "lte",
"trust": 0.6,
"vendor": "azeotech",
"version": "\u003c=18.12347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85894"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "NVD",
"id": "CVE-2021-42698"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42698"
}
]
},
"cve": "CVE-2021-42698",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-42698",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-85894",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-003937",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-42698",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-42698",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-85894",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-470",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85894"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory. DAQFactory There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications. \n\r\n\r\nA deserialization vulnerability exists in DAQFactory 18.1 Build 2347 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "CNVD",
"id": "CNVD-2021-85894"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-21-308-02",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2021-42698",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91156086",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003937",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-85894",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3696",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110801",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-470",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85894"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
]
},
"id": "VAR-202111-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85894"
}
],
"trust": 1.1573476600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85894"
}
]
},
"last_update_date": "2023-12-18T13:22:41.445000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.azeotech.com/j/index.php"
},
{
"title": "AzeoTech DAQFactory Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169060"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "NVD",
"id": "CVE-2021-42698"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91156086/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42698"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3696"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110801"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85894"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-85894"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85894"
},
{
"date": "2021-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"date": "2021-11-05T16:15:07.823000",
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"date": "2021-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85894"
},
{
"date": "2021-11-10T09:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-003937"
},
{
"date": "2021-11-09T13:56:23.843000",
"db": "NVD",
"id": "CVE-2021-42698"
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DAQFactory\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003937"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-470"
}
],
"trust": 0.6
}
}
VAR-202111-0013
Vulnerability from variot - Updated: 2023-12-18 13:22The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. DAQFactory Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications.
A plaintext transmission vulnerability exists in DAQFactory 18.1 Build 2347 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "eq",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "18.1"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory",
"scope": null,
"trust": 0.8,
"vendor": "azeotech",
"version": null
},
{
"model": "daqfactory build",
"scope": "lte",
"trust": 0.6,
"vendor": "azeotech",
"version": "\u003c=18.12347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "NVD",
"id": "CVE-2021-42699"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42699"
}
]
},
"cve": "CVE-2021-42699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-42699",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-85893",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42699",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-42699",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-42699",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-85893",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-469",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user\u2019s cookie and take over the account. DAQFactory Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications. \n\r\n\r\nA plaintext transmission vulnerability exists in DAQFactory 18.1 Build 2347 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "CNVD",
"id": "CNVD-2021-85893"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-21-308-02",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2021-42699",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91156086",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003936",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-85893",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3696",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110801",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-469",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
]
},
"id": "VAR-202111-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85893"
}
],
"trust": 1.1573476600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85893"
}
]
},
"last_update_date": "2023-12-18T13:22:41.470000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.azeotech.com/j/index.php"
},
{
"title": "AzeoTech DAQFactory Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169059"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "Sending important information in clear text (CWE-319) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "NVD",
"id": "CVE-2021-42699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91156086/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42699"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3696"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110801"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-85893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-85893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85893"
},
{
"date": "2021-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"date": "2021-11-05T16:15:07.883000",
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"date": "2021-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-85893"
},
{
"date": "2021-11-10T09:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-003936"
},
{
"date": "2021-11-09T14:35:52.460000",
"db": "NVD",
"id": "CVE-2021-42699"
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DAQFactory\u00a0 Vulnerability in plaintext transmission of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003936"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-469"
}
],
"trust": 0.6
}
}
VAR-200912-0357
Vulnerability from variot - Updated: 2023-12-18 13:20Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. AzeoTech DAQFactory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attacks will cause denial-of-service conditions. DAQFactory 5.77 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: DAQFactory Web Service Unspecified Buffer Overflow
SECUNIA ADVISORY ID: SA36504
VERIFY ADVISORY: http://secunia.com/advisories/36504/
DESCRIPTION: A vulnerability has been reported in DAQFactory, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 5.77.
SOLUTION: Disable the web service if not required or restrict access to it.
PROVIDED AND/OR DISCOVERED BY: Reportedly a module for VulnDisco Pack.
ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200912-0357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "eq",
"trust": 2.4,
"vendor": "azeotech",
"version": "5.77"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:5.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4480"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "BID",
"id": "42001"
}
],
"trust": 0.3
},
"cve": "CVE-2009-4480",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-4480",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-4480",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200912-421",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. AzeoTech DAQFactory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attacks will cause denial-of-service conditions. \nDAQFactory 5.77 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nDAQFactory Web Service Unspecified Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA36504\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36504/\n\nDESCRIPTION:\nA vulnerability has been reported in DAQFactory, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in version 5.77. \n\nSOLUTION:\nDisable the web service if not required or restrict access to it. \n\nPROVIDED AND/OR DISCOVERED BY:\nReportedly a module for VulnDisco Pack. \n\nORIGINAL ADVISORY:\nhttp://intevydis.com/vd-list.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"db": "BID",
"id": "42001"
},
{
"db": "PACKETSTORM",
"id": "80989"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4480",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "36504",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004002",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200912-421",
"trust": 0.6
},
{
"db": "BID",
"id": "42001",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "80989",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "42001"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"db": "PACKETSTORM",
"id": "80989"
},
{
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
]
},
"id": "VAR-200912-0357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.55734766
},
"last_update_date": "2023-12-18T13:20:26.798000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.azeotech.com/index.php"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"db": "NVD",
"id": "CVE-2009-4480"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://secunia.com/advisories/36504"
},
{
"trust": 1.1,
"url": "http://intevydis.com/vd-list.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4480"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4480"
},
{
"trust": 0.3,
"url": "http://www.azeotech.com/index.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36504/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "BID",
"id": "42001"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"db": "PACKETSTORM",
"id": "80989"
},
{
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "42001"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"db": "PACKETSTORM",
"id": "80989"
},
{
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-03T00:00:00",
"db": "BID",
"id": "42001"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"date": "2009-09-04T09:53:50",
"db": "PACKETSTORM",
"id": "80989"
},
{
"date": "2009-12-30T21:30:00.453000",
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"date": "2009-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-03T00:00:00",
"db": "BID",
"id": "42001"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004002"
},
{
"date": "2009-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2009-4480"
},
{
"date": "2009-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AzeoTech DAQFactory of Web Service buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-421"
}
],
"trust": 0.6
}
}
FKIE_CVE-2021-42543
Vulnerability from fkie_nvd - Published: 2021-11-05 16:15 - Updated: 2024-11-21 06:27
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n afectada usa funciones espec\u00edficas que podr\u00edan ser abusadas mediante un archivo de proyecto dise\u00f1ado, lo que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo, el reinicio del sistema y el apagado del mismo"
}
],
"id": "CVE-2021-42543",
"lastModified": "2024-11-21T06:27:46.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.757",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-242"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-42698
Vulnerability from fkie_nvd - Published: 2021-11-05 16:15 - Updated: 2024-11-21 06:27
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
},
{
"lang": "es",
"value": "Los archivos de proyecto son objetos de memoria almacenados en forma de datos binarios serializados que posteriormente pueden ser le\u00eddos y deserializados de nuevo para instanciar los objetos originales en memoria. La manipulaci\u00f3n maliciosa de estos archivos puede permitir a un atacante corromper la memoria"
}
],
"id": "CVE-2021-42698",
"lastModified": "2024-11-21T06:27:59.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.823",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-42701
Vulnerability from fkie_nvd - Published: 2021-11-05 16:15 - Updated: 2024-11-21 06:28
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account."
},
{
"lang": "es",
"value": "Un atacante podr\u00eda preparar un archivo de proyecto especialmente dise\u00f1ado que, si es abierto, intentar\u00eda conectarse a la nube y desencadenar un ataque de tipo man in the middle (MiTM). Esto podr\u00eda permitir a un atacante obtener credenciales y tomar el control de la cuenta en la nube del usuario"
}
],
"id": "CVE-2021-42701",
"lastModified": "2024-11-21T06:28:00.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.947",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-471"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-42699
Vulnerability from fkie_nvd - Published: 2021-11-05 16:15 - Updated: 2024-11-21 06:27
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user\u2019s cookie and take over the account."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a que la informaci\u00f3n de las cookies se transmita como texto sin cifrar a trav\u00e9s de HTTP. Un atacante puede capturar el tr\u00e1fico de red, obtener la cookie del usuario y hacerse con la cuenta"
}
],
"id": "CVE-2021-42699",
"lastModified": "2024-11-21T06:27:59.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.883",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}