CVE-2021-42698

HIGH

Azeotech Daqfactory < 18.1 - Insecure Deserialization

Title source: rule

Description

Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.

References (1)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 31.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (2)

azeotech/daqfactory < 18.1

azeotech/daqfactory

Timeline

Published Nov 05, 2021

Tracked Since Feb 18, 2026