PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12390 AzeoTech CVE debrief

AzeoTech DAQFactory versions 21.1 and prior contain a Type Confusion vulnerability (CVSS Score: 8.4, CVSS Severity: HIGH) that can be exploited by an attacker using specially crafted .ctl files, potentially resulting in code execution. This vulnerability was published on June 18, 2026, and last modified on the same day. Organizations using affected versions of DAQFactory should take immediate action to mitigate this vulnerability. The vulnerability is tracked under CWE-843. A related advisory is available from CISA.

Vendor: AzeoTech
Product: DAQFactory
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-18
Original CVE updated: 2026-06-22
Advisory published: 2026-06-18
Advisory updated: 2026-06-22

Who should care

Organizations using AzeoTech DAQFactory versions 21.1 and prior should be aware of this HIGH-severity vulnerability and take necessary actions to prevent potential code execution attacks.

Technical summary

The Type Confusion vulnerability in AzeoTech DAQFactory versions 21.1 and prior can be exploited through specially crafted .ctl files. This vulnerability has a CVSS Score of 8.4 and a CVSS Severity of HIGH. The vulnerability is classified under CWE-843. The attack vector is Local (AV:L), and the attack complexity is Low (AC:L).

Defensive priority

HIGH

Recommended defensive actions

  • Update AzeoTech DAQFactory to a version that is not vulnerable.
  • Implement proper input validation and sanitization for .ctl files.
  • Restrict access to .ctl files to authorized personnel only.
  • Monitor systems for suspicious activity related to DAQFactory.
  • Consider implementing additional security controls, such as intrusion detection and prevention systems.
  • Review and update incident response plans to address potential code execution attacks.
  • Refer to the CISA advisory for further guidance (see resource links).

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) Program. The CVE record and NVD detail pages provide further information on this vulnerability.

Official resources

CVE-2026-12390 was published on June 18, 2026, and last modified on the same day.