CVE-2021-42701

Summary

An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.

Affected Software

VendorProductVersion RangeStatus
AzeoTechDAQFactoryAll versions <= New versionaffected

Weaknesses

  • CWE-471: CWE-471 Modification of Assumed-Immutable Data (MAID)

Workarounds

Users are discouraged from using documents from unknown/untrusted sources. Users are encouraged to store .ctl files in a folder only writeable by admin-level users. Users are encouraged to operate in “Safe Mode” when loading documents that have been out of their control. Users are encouraged to apply a document editing password to their documents. Users should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script.

ADP Enrichment

CVE Program Container

Additional References

References