HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Type Confusion in AzeoTech DAQFactory (CVE‑2026‑12390) Enables Arbitrary Code Execution on Industrial Systems

AzeoTech DAQFactory versions ≤ 21.1 contain a type‑confusion flaw (CVE‑2026‑12390) that can be exploited via malicious .ctl files to execute arbitrary code. The issue is rated CVSS 7.8, making it a high‑severity risk for manufacturers that rely on the software for process control. For SOC 2‑aligned organizations, the flaw underscores the need for continuous control mapping and auditable evidence of file‑integrity safeguards.

LiveThreat™ Intelligence · 📅 June 18, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Type Confusion in AzeoTech DAQFactory (CVE‑2026‑12390) Enables Arbitrary Code Execution

What It Is — AzeoTech DAQFactory ≤ 21.1 contains a type‑confusion flaw (CWE‑843) that can be triggered by a specially‑crafted .ctl file. When processed, the flaw may allow an attacker to execute arbitrary code on the host running the software.

Exploitability — CVSS v3 score 7.8 (High). Publicly disclosed; proof‑of‑concept code has been shared in advisory circles, indicating active exploitation is feasible.

Affected Products — AzeoTech DAQFactory versions ≤ 21.1 (industrial data‑acquisition and control software).

Why It Matters for Compliance & Audit Readiness

  • Control Mapping: The vulnerability highlights gaps in file‑integrity and execution‑control policies that map to SOC 2 CC6.1 (System Operations) and CC7.2 (Change Management). Demonstrating that these controls are continuously monitored can satisfy auditors.
  • Evidence of Due Diligence: Maintaining immutable logs of file‑origin checks and admin‑only write permissions provides audit‑ready evidence that the organization mitigates “unauthorized code execution” risks.
  • Defensible Audit Trail: Documenting remediation steps (e.g., safe‑mode operation, password‑protected documents) in a centralized compliance repository helps prove ongoing risk‑management to regulators and enterprise customers.

Recommended Actions

  • Patch Immediately – Upgrade to the latest DAQFactory release that addresses CVE‑2026‑12390.
  • Restrict Write Access – Store .ctl files in directories with admin‑only write permissions and enforce least‑privilege file system ACLs.
  • Enable Safe Mode – Configure DAQFactory to run in “Safe Mode” for any documents sourced from external parties.
  • Apply Document Passwords – Use the built‑in document‑editing password feature to prevent unauthorized modifications.
  • Log & Monitor – Capture file‑load events, hash the .ctl files, and feed logs into a continuous‑compliance monitoring platform for SOC 2 evidence.

Source: CISA Advisory – ICSA‑26‑169‑02

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →