CVE-2026-12390 - Vulnerability Details - OpenCVE

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02

History

Thu, 18 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 18 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
Title		Access of resource using incompatible type ('type confusion') in AzeoTech DAQFactory
Weaknesses		CWE-843
References		https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02
Metrics		cvssV4_0 `{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2026-06-18T18:30:57.904Z

Updated: 2026-06-18T18:42:13.934Z

Reserved: 2026-06-16T12:13:25.809Z

Link: CVE-2026-12390

Vulnrichment

Updated: 2026-06-18T18:42:09.712Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12390", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-06-16T12:13:25.809Z", "datePublished": "2026-06-18T18:30:57.904Z", "dateUpdated": "2026-06-18T18:42:13.934Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-18T18:30:57.904Z"}, "title": "Access of resource using incompatible type ('type confusion') in AzeoTech DAQFactory", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-843", "description": "CWE-843 Access of resource using incompatible type ('type confusion')", "type": "CWE"}]}], "affected": [{"vendor": "AzeoTech", "product": "DAQFactory", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "21.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.\n<br>\n<br>"}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "* Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<ul><li>Users are discouraged from using documents from unknown/untrusted sources.</li><li>Users are encouraged to store .ctl files in a folder only writeable by admin-level users.</li><li>Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.</li><li>Users are encouraged to apply a document editing password to their documents.</li></ul>"}]}], "credits": [{"lang": "en", "value": "Rocco Calvi (@TecR0c) with TecSecurity", "type": "finder"}, {"lang": "en", "value": "rgod working with TrendAI Zero Day Initiative", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-18T18:42:07.085552Z", "id": "CVE-2026-12390", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T18:42:13.934Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12390", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-06-16T12:13:25.809Z", "datePublished": "2026-06-18T18:30:57.904Z", "dateUpdated": "2026-06-18T18:42:13.934Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-18T18:30:57.904Z"}, "title": "Access of resource using incompatible type ('type confusion') in AzeoTech DAQFactory", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-843", "description": "CWE-843 Access of resource using incompatible type ('type confusion')", "type": "CWE"}]}], "affected": [{"vendor": "AzeoTech", "product": "DAQFactory", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "21.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.\n<br>\n<br>"}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "* Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<ul><li>Users are discouraged from using documents from unknown/untrusted sources.</li><li>Users are encouraged to store .ctl files in a folder only writeable by admin-level users.</li><li>Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.</li><li>Users are encouraged to apply a document editing password to their documents.</li></ul>"}]}], "credits": [{"lang": "en", "value": "Rocco Calvi (@TecR0c) with TecSecurity", "type": "finder"}, {"lang": "en", "value": "rgod working with TrendAI Zero Day Initiative", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12390", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-18T18:42:07.085552Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T18:42:09.712Z"}}]}}