ICSA-25-345-03 · Published 2026-01-12 · View on CISA ICS-CERT ↗

AzeoTech DAQFactory (Update A)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities requires an attacker to upload a malicious .ctl file. This could lead to information disclosure or arbitrary code execution.

CVEs (5)

CVE-2025-66590 CVE-2025-66589 CVE-2025-66588 CVE-2025-66586 CVE-2025-66585

Remediations

AzeoTech has released the following update that addresses these issues:
DAQFactory: Release 21.1
AzeoTech also recommends users take the following actions to reduce the risk:
Users are discouraged from using documents from unknown/untrusted sources.
Users are encouraged to store .ctl files in a folder only writeable by admin-level users.
Users are encouraged to operate in "Safe Mode" when loading documents that have been out of their control.
Users are encouraged to apply a document editing password to their documents.

Affected Vendors

AzeoTech

Affected Products (1)

AzeoTech · DAQFactory <=20.7_Build_2555

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more