Type Confusion in AzeoTech DAQFactory (CVE‑2026‑12390) Enables Arbitrary Code Execution
What It Is — AzeoTech DAQFactory ≤ 21.1 contains a type‑confusion flaw (CWE‑843) that can be triggered by a specially‑crafted .ctl file. When processed, the flaw may allow an attacker to execute arbitrary code on the host running the software.
Exploitability — CVSS v3 score 7.8 (High). Publicly disclosed; proof‑of‑concept code has been shared in advisory circles, indicating active exploitation is feasible.
Affected Products — AzeoTech DAQFactory versions ≤ 21.1 (industrial data‑acquisition and control software).
Why It Matters for Compliance & Audit Readiness
- Control Mapping: The vulnerability highlights gaps in file‑integrity and execution‑control policies that map to SOC 2 CC6.1 (System Operations) and CC7.2 (Change Management). Demonstrating that these controls are continuously monitored can satisfy auditors.
- Evidence of Due Diligence: Maintaining immutable logs of file‑origin checks and admin‑only write permissions provides audit‑ready evidence that the organization mitigates “unauthorized code execution” risks.
- Defensible Audit Trail: Documenting remediation steps (e.g., safe‑mode operation, password‑protected documents) in a centralized compliance repository helps prove ongoing risk‑management to regulators and enterprise customers.
Recommended Actions
- Patch Immediately – Upgrade to the latest DAQFactory release that addresses CVE‑2026‑12390.
- Restrict Write Access – Store
.ctlfiles in directories with admin‑only write permissions and enforce least‑privilege file system ACLs. - Enable Safe Mode – Configure DAQFactory to run in “Safe Mode” for any documents sourced from external parties.
- Apply Document Passwords – Use the built‑in document‑editing password feature to prevent unauthorized modifications.
- Log & Monitor – Capture file‑load events, hash the
.ctlfiles, and feed logs into a continuous‑compliance monitoring platform for SOC 2 evidence.
Source: CISA Advisory – ICSA‑26‑169‑02