AzeoTech DAQFactory Stack Overflow
Act Now | ICS-CERT ICSA-11-264-01 | Jun 24, 2011
Summary
AzeoTech DAQFactory version 5.85 contains a stack overflow vulnerability (CWE-119) that could allow an attacker to execute arbitrary code. The vulnerability exists in the input handling of the DAQFactory process. No vendor patch is available for this issue.
What this means
What could happen
A stack overflow in DAQFactory could allow an attacker to execute arbitrary code on the engineering workstation or server running the software, potentially disrupting monitoring and control of plant operations.
Who's at risk
Any organization using AzeoTech DAQFactory for industrial process monitoring and control, including utilities, manufacturing facilities, and research institutions that rely on DAQFactory for data acquisition and supervisory functions.
How it could be exploited
An attacker would need to craft a malicious input (such as a specially formatted command or file) that overflows the stack buffer in DAQFactory. If the attacker can reach the DAQFactory interface over the network or supply a malicious file to a user, they could trigger the overflow and execute arbitrary code on the host system.
Prerequisites
- Network access to DAQFactory application port or interface
- Ability to send specially crafted input or file to the DAQFactory process
stack overflow vulnerability | no patch available | high EPSS score (78.3%) | affects engineering workstations and control servers | potential for remote code execution
Exploitability
High exploit probability (EPSS 78.3%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| DAQFactory: 5.85 | 5.85 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate DAQFactory systems from untrusted networks using firewall rules; restrict network access to only authorized engineering workstations and control systems
- WORKAROUND: Implement input validation and monitoring on network segments where DAQFactory is deployed to detect malicious traffic patterns
Mitigations - no patch available
DAQFactory: 5.85 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Run DAQFactory with the principle of least privilege; limit account permissions to only what is necessary for operation
- HARDENING: Monitor DAQFactory process behavior for unexpected memory corruption or segmentation faults that could indicate exploitation attempts
CVEs (1)