Vulnerabilites related to azeotech - daqfactory
Vulnerability from fkie_nvd
Published
2021-11-05 16:15
Modified
2024-11-21 06:27
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n afectada usa funciones espec\u00edficas que podr\u00edan ser abusadas mediante un archivo de proyecto dise\u00f1ado, lo que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo, el reinicio del sistema y el apagado del mismo"
}
],
"id": "CVE-2021-42543",
"lastModified": "2024-11-21T06:27:46.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.757",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-242"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-09 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100522 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100522 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "219DA227-87A6-430B-B4BF-E98B024D35A6",
"versionEndIncluding": "16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de elemento de ruta de b\u00fasqueda no controlado en AzeoTech DAQFactory en versiones anteriores a la 17.1. Se ha identificado una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlado, que podr\u00eda ejecutar archivos DLL maliciosos que se han colocado en la ruta de b\u00fasqueda."
}
],
"id": "CVE-2017-5147",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-09T01:29:02.847",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-05 16:15
Modified
2024-11-21 06:28
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account."
},
{
"lang": "es",
"value": "Un atacante podr\u00eda preparar un archivo de proyecto especialmente dise\u00f1ado que, si es abierto, intentar\u00eda conectarse a la nube y desencadenar un ataque de tipo man in the middle (MiTM). Esto podr\u00eda permitir a un atacante obtener credenciales y tomar el control de la cuenta en la nube del usuario"
}
],
"id": "CVE-2021-42701",
"lastModified": "2024-11-21T06:28:00.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.947",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-471"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-30 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | 5.77 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.77:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB25924-FE48-4C5E-A6BA-650892B882F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servicio Web AzeoTech DAQFactory v5.77, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como se demostr\u00f3 por ciertos m\u00f3dulos en VulnDisco Pack Professional v7.16 hasta 8.11. NOTA: a partir de 20091229, esta divulgaci\u00f3n no tiene informaci\u00f3n de la acci\u00f3n. Sin embargo, debido a que el autor VulnDisco Pack es un investigador confiable, se le ha asignado un identificador CVE con fines de seguimiento."
}
],
"id": "CVE-2009-4480",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-30T21:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36504"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-05 16:15
Modified
2024-11-21 06:27
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
},
{
"lang": "es",
"value": "Los archivos de proyecto son objetos de memoria almacenados en forma de datos binarios serializados que posteriormente pueden ser le\u00eddos y deserializados de nuevo para instanciar los objetos originales en memoria. La manipulaci\u00f3n maliciosa de estos archivos puede permitir a un atacante corromper la memoria"
}
],
"id": "CVE-2021-42698",
"lastModified": "2024-11-21T06:27:59.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.823",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-09 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100522 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100522 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "219DA227-87A6-430B-B4BF-E98B024D35A6",
"versionEndIncluding": "16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones."
},
{
"lang": "es",
"value": "Existe un problema de permisos por defecto incorrectos en AzeoTech DAQFactoy en versiones anteriores a la 17.1. Los usuarios locales que no son administradores podr\u00edan reemplazar o modificar los archivos de aplicaciones originales con archivos maliciosos."
}
],
"id": "CVE-2017-12699",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-09T01:29:02.363",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-05 16:15
Modified
2024-11-21 06:27
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| azeotech | daqfactory | * | |
| azeotech | daqfactory | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100D1A60-4B1A-469D-845D-682797BF2E82",
"versionEndIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*",
"matchCriteriaId": "851124B6-B4CD-429C-A2F1-AF7F49586D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user\u2019s cookie and take over the account."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a que la informaci\u00f3n de las cookies se transmita como texto sin cifrar a trav\u00e9s de HTTP. Un atacante puede capturar el tr\u00e1fico de red, obtener la cookie del usuario y hacerse con la cuenta"
}
],
"id": "CVE-2021-42699",
"lastModified": "2024-11-21T06:27:59.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-05T16:15:07.883",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-16 14:28
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9045A50A-53CC-48AB-97E7-D8DC91A61272",
"versionEndIncluding": "5.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8668100E-A3B5-4AEE-A0A5-B9641A931EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "350751D6-CE73-45F6-A1E6-1190E153120F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E7344A14-3965-4121-9726-3D2950EB0208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "98AC446B-478A-4217-A25D-33A56C78A75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.09:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6487E8-6B7A-4C14-A56F-E44965A53264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6097D59F-90E6-43F4-ADB5-5625B1F3B842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "886CDDCF-0D11-44B6-81AD-2A2D4FEBB2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB855B8-CDA4-4591-8F81-90C16B77E0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "FC279BA5-BA45-40E4-8DD1-E80D68B62A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5832A1FB-B52F-45D0-BFB7-D01D3FBBE41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F682BB82-A06E-4626-8F9E-EB1E7E33DAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC6CFBE-239D-4537-A148-355F388F3238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0392C0-3319-4AE6-977E-2AED0EDFE9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F5713FDC-5EC8-42EC-BCC8-5C63C5EE6DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0592195-47A3-4021-854C-C14B867BC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "C62325DC-8C51-4F8B-A2E3-1EBA516C2AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "322C54E5-C92D-4456-9229-8D19E9596821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.03:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F569D3-0295-40A9-829D-37AC9637A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.04:*:*:*:*:*:*:*",
"matchCriteriaId": "65C84BD0-39A2-4B1D-914B-2AACAA107D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.05:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3C28A9-4D2E-4402-B097-B02C87F45D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD8C372-9AC0-4CA5-9592-10EAE99B39C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EF9F51-3CA7-4F05-8873-44EE3F928FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C21A5E58-059E-49EA-8C4A-5E540D2D020A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "86F4D91C-0DEB-474F-8F70-90BBE08B9798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0075E67F-C2BD-478B-B57B-16B0AAE5804A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "A01D03E0-0582-4E89-8A39-8236B86DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CABD9A-B5F0-4468-8432-33760C280900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "41553AA7-AC2B-4050-ADDA-4462568E09F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.34:*:*:*:*:*:*:*",
"matchCriteriaId": "8D59DE4B-0ADC-4347-BAD9-BDC49A095CE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.35:*:*:*:*:*:*:*",
"matchCriteriaId": "462A5DC8-09FB-4A72-A8E9-77B6FDBE8A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDAA04-4356-4708-916C-734FE5EC209C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC97464-46D7-4013-9EFC-2BEFA20A3B95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9EEEC5-2070-4A7D-8485-CF336BFA2AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4F55E34B-D91B-4467-B3A6-79397B23BEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.40:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA3D882-8959-4B24-91DA-7B08BA31B8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.70:*:*:*:*:*:*:*",
"matchCriteriaId": "A2844056-4AD6-44C2-BD6A-5D4F29E69738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.71:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2395A3-77A7-486A-BD79-50927AC992CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.72:*:*:*:*:*:*:*",
"matchCriteriaId": "56B9DF59-8444-490D-B0C9-FF4404479CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.73:*:*:*:*:*:*:*",
"matchCriteriaId": "6828A7ED-0C8E-49CA-80DC-4C9A1BD4A784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.74:*:*:*:*:*:*:*",
"matchCriteriaId": "D055B27F-1715-4A55-B42C-7D278CB94ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.75:*:*:*:*:*:*:*",
"matchCriteriaId": "EA182CEB-C0F0-46DC-8257-A2CA54FA2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.76:*:*:*:*:*:*:*",
"matchCriteriaId": "9D215554-39F3-429A-81A9-CD4C88C9B093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.77:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB25924-FE48-4C5E-A6BA-650892B882F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.78:*:*:*:*:*:*:*",
"matchCriteriaId": "27B722A9-B97E-4454-960C-C2D91A4C68D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.79:*:*:*:*:*:*:*",
"matchCriteriaId": "418E1467-741F-4286-B966-D451FC0084AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.80:*:*:*:*:*:*:*",
"matchCriteriaId": "E817E266-1ED4-4684-B362-0BF0AB0C0B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.82:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF2A7A2-A212-4586-8CE9-69A3B762EE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.83:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DB3955-3C85-49BF-B6B9-026E177974BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.83:a:*:*:*:*:*:*",
"matchCriteriaId": "8AAA56B9-AC6C-41FA-93B9-9B23B57961CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.84:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB5A1A-5510-4B38-B349-D92108047246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034."
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Azeotech DAQFactory versi\u00f3n 5.85 build 1853 y versiones anteriores, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) y ejecutar c\u00f3digo arbitrario por medio de un paquete NETB dise\u00f1ado a UDP puerto 20034."
}
],
"id": "CVE-2011-3492",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T14:28:13.073",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/75496"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17855"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/75496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-28 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B246B6A9-D98E-4F48-8AE6-75002CF2CBCB",
"versionEndIncluding": "5.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8668100E-A3B5-4AEE-A0A5-B9641A931EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "350751D6-CE73-45F6-A1E6-1190E153120F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E7344A14-3965-4121-9726-3D2950EB0208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "98AC446B-478A-4217-A25D-33A56C78A75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.09:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6487E8-6B7A-4C14-A56F-E44965A53264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6097D59F-90E6-43F4-ADB5-5625B1F3B842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "886CDDCF-0D11-44B6-81AD-2A2D4FEBB2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB855B8-CDA4-4591-8F81-90C16B77E0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "FC279BA5-BA45-40E4-8DD1-E80D68B62A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5832A1FB-B52F-45D0-BFB7-D01D3FBBE41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F682BB82-A06E-4626-8F9E-EB1E7E33DAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC6CFBE-239D-4537-A148-355F388F3238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0392C0-3319-4AE6-977E-2AED0EDFE9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F5713FDC-5EC8-42EC-BCC8-5C63C5EE6DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0592195-47A3-4021-854C-C14B867BC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "C62325DC-8C51-4F8B-A2E3-1EBA516C2AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "322C54E5-C92D-4456-9229-8D19E9596821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.03:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F569D3-0295-40A9-829D-37AC9637A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.04:*:*:*:*:*:*:*",
"matchCriteriaId": "65C84BD0-39A2-4B1D-914B-2AACAA107D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.05:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3C28A9-4D2E-4402-B097-B02C87F45D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD8C372-9AC0-4CA5-9592-10EAE99B39C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EF9F51-3CA7-4F05-8873-44EE3F928FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C21A5E58-059E-49EA-8C4A-5E540D2D020A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "86F4D91C-0DEB-474F-8F70-90BBE08B9798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0075E67F-C2BD-478B-B57B-16B0AAE5804A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "A01D03E0-0582-4E89-8A39-8236B86DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CABD9A-B5F0-4468-8432-33760C280900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "41553AA7-AC2B-4050-ADDA-4462568E09F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.34:*:*:*:*:*:*:*",
"matchCriteriaId": "8D59DE4B-0ADC-4347-BAD9-BDC49A095CE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.35:*:*:*:*:*:*:*",
"matchCriteriaId": "462A5DC8-09FB-4A72-A8E9-77B6FDBE8A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDAA04-4356-4708-916C-734FE5EC209C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC97464-46D7-4013-9EFC-2BEFA20A3B95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9EEEC5-2070-4A7D-8485-CF336BFA2AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4F55E34B-D91B-4467-B3A6-79397B23BEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.40:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA3D882-8959-4B24-91DA-7B08BA31B8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.70:*:*:*:*:*:*:*",
"matchCriteriaId": "A2844056-4AD6-44C2-BD6A-5D4F29E69738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.71:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2395A3-77A7-486A-BD79-50927AC992CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.72:*:*:*:*:*:*:*",
"matchCriteriaId": "56B9DF59-8444-490D-B0C9-FF4404479CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.73:*:*:*:*:*:*:*",
"matchCriteriaId": "6828A7ED-0C8E-49CA-80DC-4C9A1BD4A784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.74:*:*:*:*:*:*:*",
"matchCriteriaId": "D055B27F-1715-4A55-B42C-7D278CB94ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.75:*:*:*:*:*:*:*",
"matchCriteriaId": "EA182CEB-C0F0-46DC-8257-A2CA54FA2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.76:*:*:*:*:*:*:*",
"matchCriteriaId": "9D215554-39F3-429A-81A9-CD4C88C9B093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.77:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB25924-FE48-4C5E-A6BA-650892B882F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.78:*:*:*:*:*:*:*",
"matchCriteriaId": "27B722A9-B97E-4454-960C-C2D91A4C68D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.79:*:*:*:*:*:*:*",
"matchCriteriaId": "418E1467-741F-4286-B966-D451FC0084AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.80:*:*:*:*:*:*:*",
"matchCriteriaId": "E817E266-1ED4-4684-B362-0BF0AB0C0B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.82:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF2A7A2-A212-4586-8CE9-69A3B762EE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.83:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DB3955-3C85-49BF-B6B9-026E177974BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azeotech:daqfactory:5.83:a:*:*:*:*:*:*",
"matchCriteriaId": "8AAA56B9-AC6C-41FA-93B9-9B23B57961CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal."
},
{
"lang": "es",
"value": "AzeoTech DAQFactory antes de v5.85 (Build 1842) no realiza autenticaci\u00f3n de ciertas se\u00f1ales, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio o apagado del sistema) a trav\u00e9s de una se\u00f1al."
}
],
"id": "CVE-2011-2956",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-28T18:55:03.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.azeotech.com/revisionhistory.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.azeotech.com/revisionhistory.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-5147 (GCVE-0-2017-5147)
Vulnerability from cvelistv5
Published
2017-09-09 01:00
Modified
2024-08-05 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | AzeoTech DAQFactory |
Version: AzeoTech DAQFactory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:34.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AzeoTech DAQFactory",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AzeoTech DAQFactory"
}
]
}
],
"datePublic": "2017-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AzeoTech DAQFactory",
"version": {
"version_data": [
{
"version_value": "AzeoTech DAQFactory"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5147",
"datePublished": "2017-09-09T01:00:00",
"dateReserved": "2017-01-03T00:00:00",
"dateUpdated": "2024-08-05T14:55:34.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42699 (GCVE-0-2021-42699)
Vulnerability from cvelistv5
Published
2021-11-05 15:39
Modified
2024-08-04 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: All versions < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "New version",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user\u2019s cookie and take over the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T15:39:16",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AzeoTech DAQFactory",
"workarounds": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42699",
"STATE": "PUBLIC",
"TITLE": "AzeoTech DAQFactory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAQFactory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All versions",
"version_value": "New version"
}
]
}
}
]
},
"vendor_name": "AzeoTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user\u2019s cookie and take over the account."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42699",
"datePublished": "2021-11-05T15:39:16",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2956 (GCVE-0-2011-2956)
Vulnerability from cvelistv5
Published
2011-07-28 18:00
Modified
2024-09-17 04:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.azeotech.com/revisionhistory.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-28T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.azeotech.com/revisionhistory.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf"
},
{
"name": "http://www.azeotech.com/revisionhistory.php",
"refsource": "MISC",
"url": "http://www.azeotech.com/revisionhistory.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2956",
"datePublished": "2011-07-28T18:00:00Z",
"dateReserved": "2011-07-28T00:00:00Z",
"dateUpdated": "2024-09-17T04:25:06.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3492 (GCVE-0-2011-3492)
Vulnerability from cvelistv5
Published
2011-09-16 14:00
Modified
2024-08-06 23:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "daqfactory-netb-bo(69764)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf"
},
{
"name": "17855",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17855"
},
{
"name": "75496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "daqfactory-netb-bo(69764)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf"
},
{
"name": "17855",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17855"
},
{
"name": "75496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "daqfactory-netb-bo(69764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764"
},
{
"name": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf"
},
{
"name": "17855",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17855"
},
{
"name": "75496",
"refsource": "OSVDB",
"url": "http://osvdb.org/75496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3492",
"datePublished": "2011-09-16T14:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42698 (GCVE-0-2021-42698)
Vulnerability from cvelistv5
Published
2021-11-05 15:39
Modified
2024-08-04 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: All versions < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "New version",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T15:39:34",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AzeoTech DAQFactory",
"workarounds": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42698",
"STATE": "PUBLIC",
"TITLE": "AzeoTech DAQFactory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAQFactory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All versions",
"version_value": "New version"
}
]
}
}
]
},
"vendor_name": "AzeoTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42698",
"datePublished": "2021-11-05T15:39:34",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42543 (GCVE-0-2021-42543)
Vulnerability from cvelistv5
Published
2021-11-05 15:39
Modified
2024-08-04 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-242 - Use of Inherently Dangerous Function
Summary
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: All versions < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:49.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "New version",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-242",
"description": "CWE-242 Use of Inherently Dangerous Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T15:39:21",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AzeoTech DAQFactory",
"workarounds": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42543",
"STATE": "PUBLIC",
"TITLE": "AzeoTech DAQFactory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAQFactory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All versions",
"version_value": "New version"
}
]
}
}
]
},
"vendor_name": "AzeoTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-242 Use of Inherently Dangerous Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42543",
"datePublished": "2021-11-05T15:39:21",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-08-04T03:38:49.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12699 (GCVE-0-2017-12699)
Vulnerability from cvelistv5
Published
2017-09-09 01:00
Modified
2024-08-05 18:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | AzeoTech DAQFactory |
Version: AzeoTech DAQFactory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AzeoTech DAQFactory",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AzeoTech DAQFactory"
}
]
}
],
"datePublic": "2017-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AzeoTech DAQFactory",
"version": {
"version_data": [
{
"version_value": "AzeoTech DAQFactory"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-12699",
"datePublished": "2017-09-09T01:00:00",
"dateReserved": "2017-08-09T00:00:00",
"dateUpdated": "2024-08-05T18:43:56.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4480 (GCVE-0-2009-4480)
Vulnerability from cvelistv5
Published
2009-12-30 21:00
Modified
2024-09-16 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-30T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4480",
"datePublished": "2009-12-30T21:00:00Z",
"dateReserved": "2009-12-30T00:00:00Z",
"dateUpdated": "2024-09-16T18:48:40.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42701 (GCVE-0-2021-42701)
Vulnerability from cvelistv5
Published
2021-11-05 15:39
Modified
2024-08-04 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
Summary
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AzeoTech | DAQFactory |
Version: All versions < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "New version",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T15:39:27",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AzeoTech DAQFactory",
"workarounds": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42701",
"STATE": "PUBLIC",
"TITLE": "AzeoTech DAQFactory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAQFactory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All versions",
"version_value": "New version"
}
]
}
}
]
},
"vendor_name": "AzeoTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-471 Modification of Assumed-Immutable Data (MAID)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42701",
"datePublished": "2021-11-05T15:39:27",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}