CVE-2021-42543

Summary

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.

Affected Software

VendorProductVersion RangeStatus
AzeoTechDAQFactoryAll versions <= New versionaffected

Weaknesses

  • CWE-242: CWE-242 Use of Inherently Dangerous Function

Workarounds

Users are discouraged from using documents from unknown/untrusted sources. Users are encouraged to store .ctl files in a folder only writeable by admin-level users. Users are encouraged to operate in “Safe Mode” when loading documents that have been out of their control. Users are encouraged to apply a document editing password to their documents. Users should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script.

ADP Enrichment

CVE Program Container

Additional References

References