The following key information about the vulnerabilities was extracted from a web page screenshot and is presented in concise Markdown format:

## 1. EXECUTIVE SUMMARY

- CVSS v3: 7.8
- ATTENTION: Low attack complexity
- Vendor: AzeoTech
- Equipment: DAQFactory
- Vulnerabilities:
  - Use of Inherently Dangerous Function (CWE-242)
  - Deserialization of Untrusted Data (CWE-502)
  - Cleartext Transmission of Sensitive Information (CWE-319)
  - Modification of Assumed-Immutable Data (MAID) (CWE-471)

## 2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow code execution, memory corruption, or unauthorized access to user information.

## 3. TECHNICAL DETAILS

### 3.1 Affected Products

- DAQFactory: All Versions 18.1 Build 2347 and prior

### 3.2 Vulnerability Overview

#### 3.2.1 Use of Inherently Dangerous Function (CWE-242)

- CVE: CVE-2021-42543
- CVSS v3 Base Score: 7.8
- Impact: Code execution, system reboot, and system shutdown

#### 3.2.2 Deserialization of Untrusted Data (CWE-502)

- CVE: CVE-2021-42698
- CVSS v3 Base Score: 7.8
- Impact: Corrupt memory

#### 3.2.3 Cleartext Transmission of Sensitive Information (CWE-319)

- CVE: CVE-2021-42699
- CVSS v3 Base Score: 5.7
- Impact: Cookie hijacking and account takeover

#### 3.2.4 Modification of Assumed-Immutable Data (MAID) (CWE-471)

- CVE: CVE-2021-42701
- CVSS v3 Base Score: 5.0
- Impact: Man-in-the-middle (MiTM) attack, credential theft, and cloud account takeover

## 4. MITIGATIONS

- Users are discouraged from using documents from unknown/untrusted sources.
- Users should store .ctl files in a folder only writeable by admin-level users.
- Operate in "Safe Mode" when loading documents that have been out of their control.
- Apply a document editing password to their documents.
- Avoid using the Real Time Web-Connect menu items.
- Minimize network exposure for all control system devices.
- Use secure methods like VPNs for remote access.

## Additional Information

- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems
- Countries/Areas Deployed: United States and Europe
- Company Headquarters Location: United States
- Researcher: Sharon Brizinov of Claroty
- Alert Code: ICSA-21-308-02
- Last Revised: November 04, 2021