CVE-2011-3492

Azeotech DAQFactory <5.85.1853 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-3492. PoCs were published by Metasploit and Luigi Auriemma, including the Metasploit module exploits/windows/scada/daq_factory_bof.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory HMI via a crafted 'NETB' request to UDP port 20034. It uses an egghunter to locate the payload in memory and achieves remote code execution on Windows XP SP3.

Description

Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17855

This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory HMI via a crafted 'NETB' request to UDP port 20034. It uses an egghunter to locate the payload in memory and achieves remote code execution on Windows XP SP3.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DAQFactory Pro 5.85 Build 1853
No auth needed
Prerequisites: Network access to UDP port 20034 · Target running DAQFactory Pro 5.85 Build 1853
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC
by Luigi Auriemma · text · dos · windows
https://www.exploit-db.com/exploits/17841

This exploit targets a stack overflow vulnerability in DAQFactory's UDP packet handling on port 20034. The overflow occurs in the logging code due to unsafe use of sprintf, allowing remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DAQFactory <= 5.85 build 1853
No auth needed
Prerequisites: Network access to UDP port 20034 · DAQFactory running and listening
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC GOOD
by Luigi Auriemma · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/daq_factory_bof.rb

This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory via a crafted 'NETB' request to UDP port 20034. It uses an egghunter to locate and execute a payload, achieving remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Azeotech DaqFactory Pro 5.85 Build 1853
No auth needed
Prerequisites: Network access to UDP port 20034 · Target software running on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69764
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17855
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/75496

Scores

EPSS 0.7091
EPSS Percentile 99.3%

Details

CWE
CWE-119
Status published
Products (49)
azeotech/daqfactory 3.0
azeotech/daqfactory 3.03
azeotech/daqfactory 3.5
azeotech/daqfactory 3.05
azeotech/daqfactory 3.09
azeotech/daqfactory 3.10
azeotech/daqfactory 3.11
azeotech/daqfactory 3.51
azeotech/daqfactory 3.52
azeotech/daqfactory 3.53
... and 39 more
Published Sep 16, 2011
Tracked Since Feb 18, 2026