On June 18, 2026, CISA published an Industrial Control Systems advisory (ICSA-26-169-02) identifying a vulnerability in AzeoTech DAQFactory that could permit attackers to upload malicious .ctl files leading to arbitrary code execution. The advisory is available through CISA's official news-events channel and includes technical details in the CSAF repository.
DAQFactory is widely deployed in manufacturing, utilities, and process control environments where real-time data acquisition and system automation are critical. A successful exploit targeting this vulnerability could allow an unauthenticated or low-privilege attacker to execute arbitrary commands on affected systems, potentially compromising process integrity, data confidentiality, or system availability.
What makes this noteworthy: industrial control systems often operate on extended lifecycles and delayed patching schedules. If affected versions remain in production environments without immediate remediation, they present persistent attack surface in networks that may lack robust segmentation or endpoint detection capabilities.
The advisory identifies specific affected versions of DAQFactory, though full version details were truncated in available sources. Operators running DAQFactory in critical infrastructure or production environments should cross-reference their installed versions against CISA's official CSAF file to determine exposure.
What to watch next: CISA advisories on OT vulnerabilities often trigger coordinated disclosure timelines. Monitor CISA's ICS-CERT channel for patch availability statements, updated CVSS scores, or evidence of active exploitation. Third-party security researchers may also publish proof-of-concept details or detection signatures in coming weeks. Additionally, watch for reports of exploitation attempts in industrial networks — initial compromise indicators could include unusual file uploads to DAQFactory directories or unexpected process execution logs.
