PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-22516 CODESYS CVE debrief

CVE-2022-22516 affects the SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows. According to the CISA-republished Festo advisory, any local user on the host can read and write restricted memory space, which is a high-severity confidentiality, integrity, and availability issue: the attacker needs only a local account, not administrative rights. The advisory ties the issue to Festo Automation Suite deployments that include CODESYS components. Festo notes that starting with Automation Suite version 2.8.0.138, CODESYS is no longer bundled and must be installed separately, so on those versions the CODESYS runtime is patched on its own rather than through a Suite update.

Vendor: CODESYS
Product: FESTO
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

OT/ICS administrators, controls engineers, and Windows workstation owners running Festo Automation Suite or CODESYS components, especially where local user accounts exist on engineering or control systems.

Technical summary

The vulnerability is a local-access memory protection issue in the SysDrv3S driver used by the CODESYS Control runtime on Windows. The advisory states that any system user can read and write restricted memory space. The published CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) scores 7.8: local access with low-privilege credentials and no user interaction is enough, and the impact on confidentiality, integrity, and availability is high once a local user can reach the runtime.

Defensive priority

High — prioritize affected Windows OT/engineering hosts with local-user exposure.

Recommended defensive actions

  • Update Festo Automation Suite to version 2.8.0.138 or later where applicable.
  • Download the latest patched version of CODESYS directly from the official CODESYS website.
  • Follow the installation and update instructions provided by CODESYS so all security fixes are applied.
  • Monitor CODESYS security advisories and apply updates promptly.
  • Keep the Festo Automation Suite connector up to date by installing Festo-released updates.
  • Use CISA ICS recommended practices and defense-in-depth guidance for industrial control environments.
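The actions above amount to one check a Windows OT/engineering host owner will want to script: is Festo Automation Suite at or past 2.8.0.138, is a separately installed CODESYS runtime present that needs its own patch, is the SysDrv3S driver loaded, and which enabled local accounts satisfy the AV:L/PR:L precondition. The following PowerShell inventory is an added example, not code from the Festo or CISA advisory or from CODESYS. It assumes (the advisory does not state this) that the driver registers as a system driver whose name or path contains "SysDrv3S", and that the product entries under the Windows Uninstall registry keys contain "CODESYS" or "Festo Automation Suite" in their DisplayName.

```powershell
# Added example (not from the advisory or CODESYS). Inventories one Windows host
# for the components named in ICSA-26-076-01 / FSA-202601 and reports whether the
# Festo-stated 2.8.0.138 threshold is met. Run in an elevated PowerShell session.
# Assumptions: driver name/path contains "SysDrv3S"; product DisplayName contains
# "CODESYS" or "Festo Automation Suite". Both are assumed, not taken from the page.

$FixedFasVersion = [version]'2.8.0.138'   # from the Festo advisory text

function Get-InstalledProducts {
    # Both 64-bit and WOW6432Node Uninstall hives, so 32-bit installers are seen too.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'CODESYS|Festo Automation Suite' } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Test-FasVersion {
    # Returns $true if at/after the fixed version, $false if older, $null if the
    # DisplayVersion string is not a parseable dotted version (flag for manual review).
    param([string]$DisplayVersion)
    $parsed = $null
    if ([version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return ($parsed -ge $FixedFasVersion)
    }
    return $null
}

# 1. Product inventory and version verdict.
foreach ($p in Get-InstalledProducts) {
    $status = 'n/a'
    if ($p.DisplayName -like 'Festo Automation Suite*') {
        $ok = Test-FasVersion -DisplayVersion $p.DisplayVersion
        if ($ok -eq $true)      { $status = 'OK: >= 2.8.0.138, CODESYS not bundled; patch any separate CODESYS install' }
        elseif ($ok -eq $false) { $status = 'UPDATE NEEDED: < 2.8.0.138 (bundled CODESYS)' }
        else                    { $status = 'CHECK MANUALLY: version string not parseable' }
    } elseif ($p.DisplayName -like '*CODESYS*') {
        $status = 'Separately installed CODESYS: verify against the current CODESYS advisory and update from codesys.com'
    }
    [pscustomobject]@{
        Product   = $p.DisplayName
        Version   = $p.DisplayVersion
        Publisher = $p.Publisher
        Status    = $status
    }
}

# 2. Is the vulnerable driver registered and running? (Name match is an assumption.)
$driver = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*SysDrv3S*' -or $_.PathName -like '*SysDrv3S*' }
if ($driver) {
    $driver | Select-Object Name, State, StartMode, PathName
} else {
    Write-Output 'No driver matching *SysDrv3S* registered (assumed name; confirm against the installed runtime).'
}

# 3. Exposure precondition: the vector is AV:L/PR:L, so every enabled local account
#    on this host is a candidate path to the driver. Review and remove stale ones.
Get-LocalUser | Where-Object { $_.Enabled } | Select-Object Name, LastLogon, PasswordLastSet
```

Run it on each engineering workstation or control host in scope and keep the output as the pre-patch baseline; after updating, a second run should show the Suite at 2.8.0.138 or later, any remaining CODESYS entry at the version the current CODESYS advisory names, and only the local accounts that genuinely need to exist. Hosts where the driver is registered but no matching product entry appears deserve a manual look, since an orphaned driver is still reachable by a local user.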

Evidence notes

CISA CSAF advisory ICSA-26-076-01 (republishing Festo SE & Co. KG FSA-202601) identifies the affected software as Festo Automation Suite with CODESYS Development System / CODESYS Control runtime components on Microsoft Windows. The issue is described as allowing any system user to read and write restricted memory space, and the supplied CVSS vector shows local access and low-privilege requirements with high impact. The vendor field in the stored metadata is low-confidence, so the product/vendor mapping used here follows the advisory body rather than the placeholder vendor label.

Official resources

CVE-2022-22516 is covered by CISA advisory ICSA-26-076-01, a republication of the Festo SE & Co. KG advisory FSA-202601. In the stored evidence the CISA advisory is dated 2026-02-26 and was last modified on 2026-03-17.