CVE-2021-42543
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code, reboot systems, or shut down systems by tricking users into opening a malicious project file. It affects industrial control systems and other applications that use vulnerable functions to parse project files.
💻 Affected Systems
- Multiple industrial control system products from various vendors
📦 What is this software?
DAQFactory by AzeoTech
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with persistent malware installation, production disruption through forced reboots/shutdowns, and lateral movement to other systems.
Likely Case
Local code execution leading to data theft, system instability, or denial of service through reboots/shutdowns.
If Mitigated
Limited impact if systems are air-gapped, have strict file validation, and users are trained not to open untrusted files.
🎯 Exploit Status
Requires user to open a malicious project file. No known public exploits as of advisory publication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Vendor-specific - check individual vendor updates
Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02
Restart Required: Yes
Instructions:
1. Identify affected products in your environment.
2. Contact vendors for specific patches.
3. Apply patches during maintenance windows.
4. Test in non-production first.
5. Restart affected systems.
🔧 Temporary Workarounds
Restrict project file execution
Platform: all. Limit who can open project files and implement file validation.
User training and awareness
Platform: all. Train users not to open untrusted project files from unknown sources.
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized executables
- Isolate affected systems in segmented networks with strict access controls
🔍 How to Verify
Check if Vulnerable:
Check installed software versions against vendor advisories. Look for applications that parse project files from ICS vendors.
Check Version:
Vendor-specific (e.g., for Windows applications: check 'About' dialog or installed programs list)
Verify Fix Applied:
Verify patch installation through vendor-specific version checks and test with known safe project files.
📡 Detection & Monitoring
Log Indicators:
- Unexpected application crashes when opening project files
- Unusual process creation from project file parsers
- System reboot/shutdown events without normal cause
Network Indicators:
- Unusual outbound connections from ICS applications after opening files
SIEM Query:
Process Creation where (Image contains 'project' OR CommandLine contains '.proj') AND ParentImage contains 'vulnerable_app.exe'