AzeoTech DAQFactory
Summary
A Type Confusion vulnerability exists in AzeoTech DAQFactory versions 21.1 and prior, allowing for arbitrary code execution through specially crafted .ctl files. Successful exploitation could enable an attacker to upload malicious control files, potentially leading to significant compromise.
IFF Assessment
This vulnerability allows arbitrary code execution, which attackers can leverage to gain control of affected systems.
Severity
The CVSS score of 7.8 (HIGH) reflects a high severity due to the potential for arbitrary code execution, which typically implies a significant impact on confidentiality, integrity, and availability.
Defender Context
This vulnerability affects AzeoTech DAQFactory, which is used in critical manufacturing sectors worldwide. Defenders should be aware that this type confusion vulnerability can lead to arbitrary code execution. Implementing the suggested mitigations, such as restricting write access to .ctl files and using document passwords, is crucial to protect against potential exploitation.
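One way to check the write-access mitigation on a Windows host, as an added example that is not part of the original advisory or of AzeoTech's guidance: the script lists every principal outside a trusted list that can modify or replace a .ctl file. The `$Root` path and the `$Trusted` list are assumptions to adjust per site.

```powershell
# Added example: audit which principals can write to DAQFactory .ctl documents.
param(
    [string]$Root = 'C:\DAQFactory',      # hypothetical location of .ctl files
    [string[]]$Trusted = @(               # assumed set of principals allowed to write
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators'
    )
)

# Rights that let a principal alter, replace, or re-permission a file.
# Read bits are deliberately excluded so read-only entries are not flagged.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$findings = Get-ChildItem -Path $Root -Recurse -File -Filter '*.ctl' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $writeMask) -and
                ($Trusted -notcontains $_.IdentityReference.Value)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    File      = $file.FullName
                    Principal = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited   # inherited entries must be fixed on the parent folder
                }
            }
    }

if ($findings) {
    $findings | Sort-Object File, Principal | Format-Table -AutoSize
    Write-Warning "$(@($findings).Count) ACL entries grant write access to .ctl files outside the trusted list."
} else {
    Write-Output "No unexpected write access to .ctl files found under $Root."
}
```

The script inspects only Allow entries on the files themselves; write access on the containing folders also lets a user replace a .ctl file, so review those ACLs as well.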