PatchSiren cyber security CVE debrief
CVE-2022-1965 CODESYS CVE debrief
CVE-2022-1965 is a high-severity flaw in multiple CODESYS products as distributed with Festo Automation Suite. According to the advisory, a low-privilege remote attacker can send a crafted request that is not handled correctly by error processing, causing the file referenced by the request to be deleted. No user interaction is required. The published CVSS 3.1 vector rates the issue as AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, reflecting strong integrity and availability impact.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/industrial automation teams running Festo Automation Suite with bundled CODESYS components, plus patch managers, system integrators, and support teams responsible for CODESYS-based installations.
Technical summary
The source advisory (ICSA-26-076-01) describes improper error handling in multiple CODESYS products. A remote attacker with low privileges can craft a request that the error handler does not process correctly, resulting in deletion of the file named in the request. The advisory lists as affected the Festo Automation Suite deployments (versions earlier than 2.8.0.138, plus the specific bundled builds identified in the source) that include CODESYS Development System 3.0, 3.5.16.10, or 3.5.21.20. Festo states that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be installed separately by the customer.
Defensive priority
High. This is remotely reachable, requires only low privileges, needs no user interaction, and can delete files referenced by attacker-controlled requests. Prioritize remediation for any affected Festo Automation Suite or CODESYS installations.
Recommended defensive actions
- Inventory all Festo Automation Suite deployments and identify any installation that includes the CODESYS components named in the advisory.
- Upgrade to Festo Automation Suite 2.8.0.138 or later where applicable.
- Download and install the latest patched CODESYS release directly from the official CODESYS website, following vendor installation guidance.
- Keep the Festo Automation Suite connector updated with Festo releases.
- Monitor CODESYS and Festo security advisories and verify installed versions after remediation.
- Review backups and restore procedures so deleted files can be recovered quickly if exposure is suspected.
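A small inventory triage helper, added here as an example (it is not part of the advisory or any Festo or CODESYS tool), that applies the version scope above to a constructed host list; the host names and the pre-2.8.0.138 suite versions are made up, and only the 2.8.0.138 threshold and the three CODESYS builds come from the debrief:

```python
from dataclasses import dataclass
from typing import List, Optional

# Scope taken from the debrief above; the host inventory below is constructed for illustration.
FIXED_SUITE = "2.8.0.138"            # first Festo Automation Suite release without bundled CODESYS
ADVISORY_CODESYS = {"3.0", "3.5.16.10", "3.5.21.20"}  # CODESYS Development System builds named above

def parse_version(text: str) -> tuple:
    """Turn '2.8.0.138' into (2, 8, 0, 138) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))

def version_lt(a: str, b: str) -> bool:
    """True when a is strictly older than b; shorter versions are zero-padded ('2.8' == '2.8.0.0')."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    return ta + (0,) * (width - len(ta)) < tb + (0,) * (width - len(tb))

@dataclass
class Host:
    name: str
    suite_version: str                 # installed Festo Automation Suite version
    codesys_version: Optional[str]     # CODESYS Development System version, None if absent

def triage(host: Host) -> List[str]:
    """Return the remediation actions the advisory scope implies for one host."""
    actions = []
    if version_lt(host.suite_version, FIXED_SUITE):
        actions.append(f"upgrade Festo Automation Suite {host.suite_version} to {FIXED_SUITE} or later")
    if host.codesys_version is not None:
        if host.codesys_version in ADVISORY_CODESYS:
            actions.append(f"CODESYS {host.codesys_version} is named in the advisory: install the latest CODESYS release")
        else:
            actions.append(f"verify CODESYS {host.codesys_version} against current vendor guidance")
    return actions

# Constructed sample inventory (host names and non-advisory version numbers are made up).
SAMPLE_INVENTORY = [
    Host("eng-ws-01", "2.7.1.52", "3.5.16.10"),   # old suite with a named CODESYS build
    Host("eng-ws-02", "2.8.0.138", None),         # fixed suite, CODESYS not installed
    Host("eng-ws-03", "2.8.1.10", "3.5.21.20"),   # newer suite, CODESYS installed separately
    Host("eng-ws-04", "2.10.0.3", "3.5.17.0"),    # 2.10 must sort after 2.8, not before it
]

def triage_inventory(hosts: List[Host]) -> dict:
    """Map each host name to its action list; hosts with no actions are still listed."""
    return {host.name: triage(host) for host in hosts}

if __name__ == "__main__":
    for name, actions in triage_inventory(SAMPLE_INVENTORY).items():
        print(name, "->", actions or ["no action from this advisory"])
```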
Evidence notes
Primary evidence comes from CISA advisory ICSA-26-076-01 and its source CSAF record. The advisory revision history shows an initial publication on 2026-02-26 and a CISA republication on 2026-03-17. The source text explicitly states the impact as file deletion via a crafted request, without user interaction, and the remediation guidance as upgrading CODESYS and keeping Festo Automation Suite components current. Vendor attribution in the incoming metadata is inconsistent, so the debrief relies on the advisory's explicit CODESYS-in-Festo-Automation-Suite scope.
Official resources
- CVE-2022-1965 CVE record (CVE.org)
- CVE-2022-1965 NVD detail (NVD)
- Source item URL: cisa_csaf
CISA's CSAF advisory ICSA-26-076-01 was initially published on 2026-02-26 and republished on 2026-03-17. Those dates should be used for advisory timing context; they are not the generation date of this debrief.