IronMonkey Threat Research

AzeoTech DAQFactory (Update A)

HIGH
CVSS 7.8
Date 2026-06-25T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of these vulnerabilities could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution.

// Vulnerabilities (2)

CVE ID | CVSS Score | Severity | Description
CVE-2026-12921 | 7.8 | high | In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
CVE-2026-12390 | 7.8 | high | In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.

// Remediations (4)

Mitigation: Users are encouraged to apply a document editing password to their documents.
Mitigation: Users are discouraged from using documents from unknown/untrusted sources.
Mitigation: Users are encouraged to operate in "Safe Mode" when loading documents that have been out of their control.
Mitigation: Users are encouraged to store .ctl files in a folder only writeable by admin-level users.
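
One way to check the last mitigation on a Windows host, as an added example that is not part of the advisory or of AzeoTech's tooling: the function lists every Allow entry that gives a non-admin principal write-type access to the folder or to a .ctl file inside it. The function name, the sample path and the set of SIDs treated as "admin-level" are assumptions.

```powershell
function Get-NonAdminWriteAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path   # folder that holds the .ctl documents
    )

    # Specific rights that allow creating, changing or replacing a file, or re-permissioning it.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Some ACEs store generic rights instead: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
    $genericMask = 0x40000000 -bor 0x10000000
    # Treated as admin-level here (an assumption): BUILTIN\Administrators, LocalSystem, TrustedInstaller.
    $adminSids = 'S-1-5-32-544', 'S-1-5-18',
                 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

    # Audit the folder itself plus every .ctl file under it (files can carry explicit ACEs).
    $targets = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Filter '*.ctl' -File -Recurse)

    foreach ($item in $targets) {
        # Ask for the rules keyed by SID so localized or unresolvable account names do not matter.
        $rules = (Get-Acl -LiteralPath $item.FullName).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $rights   = [int]$rule.FileSystemRights
            $canWrite = ($rights -band $writeMask) -or ($rights -band $genericMask)
            if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and
                $rule.IdentityReference.Value -notin $adminSids) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Constructed sample path, not taken from the advisory.
Get-NonAdminWriteAccess -Path 'C:\DAQFactory\Documents' | Format-Table -AutoSize
```

An empty result means no non-admin Allow entry with write-type rights was found. A CREATOR OWNER entry (S-1-3-0) is normally inherit-only and matters only if a non-admin principal can create files in the folder.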

// References