PatchSiren cyber security CVE debrief
CVE-2022-1989 CODESYS CVE debrief
CVE-2022-1989 is an information-exposure issue in CODESYS Visualization versions before V4.2.0.0. A remote, unauthenticated attacker can use the vulnerable login dialog to enumerate valid users. The advisory was publicly disclosed by CISA on 2026-02-26 and republished on 2026-03-17 from Festo advisory material.
- Vendor: CODESYS
- Product: FESTO
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
Administrators and operators using CODESYS Visualization, especially where it is deployed through Festo Automation Suite or other exposed environments. Teams that manage login interfaces, account provisioning, or remote access to the affected visualization components should pay attention.
Technical summary
The source advisory states that all CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure, allowing a remote unauthenticated attacker to enumerate valid users. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, which indicates network reachability with limited confidentiality impact and no integrity or availability impact. The remediation guidance in the source directs customers to install patched CODESYS releases from the official vendor and keep Festo Automation Suite and its connector up to date where applicable.
Defensive priority
Medium. The flaw is remotely reachable and requires no authentication, but the disclosed impact is limited to user enumeration rather than direct code execution or service disruption.
Recommended defensive actions
- Upgrade CODESYS Visualization to V4.2.0.0 or later, or otherwise install the patched CODESYS release referenced by the vendor advisory.
- If you use Festo Automation Suite, install the current FAS updates and follow the vendor guidance for the connector and external CODESYS component.
- Review any exposed login interfaces and restrict network access to management or visualization services where possible.
- Monitor CODESYS and Festo security advisories and verify deployed component versions after updates.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-076-01 and its republished Festo advisory content. The source description explicitly says: 'All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.' The advisory also supplies CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vendor attribution in the provided corpus is low confidence and marked for review, so the debrief avoids asserting more specific product ownership than the source supports.
Official resources
- CVE-2022-1989 CVE record (CVE.org)
- CVE-2022-1989 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA advisory ICSA-26-076-01 on 2026-02-26, with a republication on 2026-03-17 from Festo advisory material. No KEV listing is provided in the supplied corpus.