PatchSiren cyber security CVE debrief
CVE-2022-22515 CODESYS CVE debrief
CVE-2022-22515 is a HIGH-severity industrial control systems issue affecting Festo Automation Suite deployments that include CODESYS components. The advisory states that a remote, authenticated attacker can use the CODESYS Control runtime system control program to read and modify configuration files in affected products.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-09-30
- Original CVE updated: 2025-11-13
- Advisory published: 2025-09-30
- Advisory updated: 2025-11-13
Who should care
OT and ICS administrators, plant engineers, and patch-management teams running Festo Automation Suite with bundled or separately installed CODESYS components. This is especially relevant for environments that rely on affected FAS versions and need to keep both the suite and CODESYS patched.
Technical summary
The source advisory describes a remotely reachable issue that requires authentication and is rated AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. Impact is limited to confidentiality and integrity, with no availability impact listed. The affected scope in the advisory includes Festo Automation Suite versions prior to 2.8.0.138 and specific installs using CODESYS Development System 3.0, 3.5.16.10, or 3.5.21.20. The recommended path is to use Festo Automation Suite 2.8.0.138 or later, install the latest patched CODESYS directly from the official CODESYS website, and keep the FAS connector and related components up to date.
Defensive priority
High. The issue allows an authenticated remote attacker to alter configuration files in industrial software, which can undermine system integrity and operational trust even without an availability impact.
Recommended defensive actions
- Upgrade to Festo Automation Suite 2.8.0.138 or later, where CODESYS is no longer bundled.
- Install the latest patched CODESYS release directly from the official CODESYS website.
- Apply CODESYS update guidance from the vendor and verify the installed version after patching.
- Keep the Festo Automation Suite connector and related components updated as Festo releases fixes.
- Review systems for the affected FAS/CODESYS version combinations listed in the advisory and prioritize those exposed to remote administration.
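The last two actions, verifying installed versions and reviewing hosts for the affected FAS/CODESYS combinations, are easy to get wrong with string comparison ("2.10" sorts before "2.8"). The following Python script is an added example, not part of the PatchSiren debrief and not Festo or CODESYS tooling. It encodes only the scope the advisory gives above (FAS prior to 2.8.0.138; CODESYS Development System 3.0, 3.5.16.10, 3.5.21.20), compares versions numerically, and lists remotely administered hosts first. The inventory format, host names and versions are constructed for the example; the script assumes the three CODESYS versions are discrete releases to match exactly rather than a range, and it does not cover how versions are collected from a real host.

```python
"""Check an inventory against the CVE-2022-22515 advisory version scope.

Added example; not PatchSiren, Festo or CODESYS code. Version thresholds
come from the advisory text; everything else is constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Festo Automation Suite release the advisory names as the fixed version.
FAS_FIXED = "2.8.0.138"
# CODESYS Development System versions the advisory lists. Assumption: these are
# discrete releases, so the check uses exact matching, not a range.
CODESYS_AFFECTED = {"3.0", "3.5.16.10", "3.5.21.20"}


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.8.0.138' -> (2, 8, 0, 138). Non-numeric input raises ValueError on purpose."""
    return tuple(int(p) for p in text.strip().split("."))


def version_lt(a: str, b: str) -> bool:
    """Segment-wise numeric comparison; shorter versions are padded with zeros."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va = va + (0,) * (width - len(va))
    vb = vb + (0,) * (width - len(vb))
    return va < vb


@dataclass
class Host:
    name: str
    fas_version: Optional[str]      # None: Festo Automation Suite not installed
    codesys_version: Optional[str]  # None: no CODESYS Development System found
    remote_admin: bool = False      # reachable for remote administration


def assess(host: Host) -> List[str]:
    """Return the advisory's remediation actions that apply to this host (empty list = nothing to do)."""
    actions: List[str] = []
    if host.fas_version is not None and version_lt(host.fas_version, FAS_FIXED):
        actions.append(
            f"upgrade Festo Automation Suite {host.fas_version} to {FAS_FIXED} or later "
            "(CODESYS is no longer bundled from that release)"
        )
    if host.codesys_version in CODESYS_AFFECTED:
        actions.append(
            f"install the latest patched CODESYS from the official CODESYS website "
            f"(found Development System {host.codesys_version})"
        )
    return actions


def prioritize(hosts: List[Host]) -> List[Tuple[str, List[str]]]:
    """Hosts needing action, remotely administered ones first, then by name."""
    findings = [(h, assess(h)) for h in hosts]
    findings = [(h, a) for h, a in findings if a]
    findings.sort(key=lambda item: (not item[0].remote_admin, item[0].name))
    return [(h.name, a) for h, a in findings]


# Constructed inventory for the example; names and versions are made up.
INVENTORY = [
    Host("eng-ws-01", "2.7.1.5", "3.5.16.10", remote_admin=False),
    Host("eng-ws-02", "2.8.0.138", None, remote_admin=False),
    Host("hmi-srv-03", "2.6.0.1", "3.0", remote_admin=True),
]

if __name__ == "__main__":
    for name, actions in prioritize(INVENTORY):
        print(name)
        for action in actions:
            print("  -", action)
```

Feed `prioritize` the version data your CMDB or endpoint inventory already exports; the only fields it needs per host are the two version strings and whether the host is remotely administered.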
Evidence notes
The debrief is based on the supplied CISA CSAF advisory ICSA-26-076-01, which republishes the Festo advisory FSA-202601 and lists the affected Festo Automation Suite/CODESYS versions, impact statement, CVSS vector, and remediation. The vendor attribution in the prompt was low-confidence and needs review, so the product framing here follows the advisory title and references rather than assuming a broader vendor relationship.
Official resources
- CVE-2022-22515 CVE record (CVE.org)
- CVE-2022-22515 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
The supplied advisory was published on 2026-02-26 and republished on 2026-03-17; those dates are advisory timeline context, not the vulnerability creation date. This debrief uses the supplied source corpus and official references only.