Tenable Research

**Name of the Vulnerable Software and Affected Versions** FileCatalyst Workflow versions up to 5.1.6 Build 139 **Description** The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB. The database is remotely accessible on TCP port 4406 by default. **Recommendations** Update to version 5.1.7 or later to patch the critical flaw. As a temporary workaround, consider changing the default credentials for the HSQL database to prevent unauthorized access. Restrict access to the HSQL database to minimize the risk of exploitation, especially since it is remotely accessible on TCP port 4406 by default.

**Name of the Vulnerable Software and Affected Versions** Fortra FileCatalyst Workflow versions 5.1.6 Build 135 and earlier **Description** The issue is related to a SQL injection vulnerability that allows an attacker to modify application data. This can likely result in the creation of administrative users and the deletion or modification of data in the application database. However, data exfiltration via SQL injection is not possible using this vulnerability. Successful exploitation requires either a Workflow system with anonymous access enabled for unauthenticated attackers or an authenticated user. **Recommendations** For versions 5.1.6 Build 135 and earlier, update to a version that includes the fix for this SQL injection vulnerability. As a temporary workaround, consider disabling anonymous access in the Workflow system to minimize the risk of unauthenticated exploitation. Restrict access to the application database to prevent potential data modification or deletion. Avoid using the application until the issue is resolved to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CODESYS V2 versions prior to V1.1.9.22 Description: The issue allows crafted web server requests to read partial stack or heap memory, potentially triggering a denial-of-service condition due to a crash in the web server. Recommendations: For versions prior to V1.1.9.22, update to version V1.1.9.22 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: CODESYS V2 web server versions prior to V1.1.9.22 Description: The issue is related to crafted web server requests that may cause a Null pointer dereference in the CODESYS web server, potentially resulting in a denial-of-service condition. Recommendations: For versions prior to V1.1.9.22, update to version V1.1.9.22 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: CODESYS V2 web server versions prior to V1.1.9.22 Description: The issue arises when crafted web server requests trigger a parser error in the CODESYS V2 web server. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur, leading to a denial of service situation. Recommendations: For versions prior to V1.1.9.22, update to version V1.1.9.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CODESYS V2 versions prior to 1.1.9.22 Description: The issue is caused by crafted web server requests that may lead to a heap-based buffer overflow, potentially triggering a denial-of-service condition due to a crash in the web server. Recommendations: For versions prior to 1.1.9.22, update to version 1.1.9.22 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** exacqVision Server (affected versions not specified) **Description** The issue allows an unauthenticated remote user to access credentials stored in the exacqVision Server under certain configurations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** exacqVision Server (affected versions not specified) **Description** An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause a denial-of-service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.