PatchSiren cyber security CVE debrief
CVE-2022-22517 CODESYS CVE debrief
Published by CISA on 2026-02-26 and revised on 2026-03-17, this advisory describes a high-severity availability issue in CODESYS as used with Festo Automation Suite. A remote attacker without authentication can guess a valid channel ID, inject packets, and force existing communication channels to close. For defenders, the key action is to identify affected Festo Automation Suite/CODESYS installations and move to the patched, vendor-supported update path.
- Vendor
- CODESYS
- Product
- FESTO
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-09-30
- Original CVE updated
- 2025-11-13
- Advisory published
- 2025-09-30
- Advisory updated
- 2025-11-13
Who should care
OT/ICS operators, engineers, and asset owners running Festo Automation Suite or embedded CODESYS components; also patch managers responsible for engineering workstations and plant support systems that communicate with CODESYS-based devices.
Technical summary
The advisory says an unauthenticated remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets, which causes the channel to close. The published CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable denial-of-service impact concentrated on availability. Affected product entries include Festo Automation Suite versions below 2.8.0.138 with bundled or separately installed CODESYS components listed in the advisory.
Defensive priority
High
Recommended defensive actions
- Inventory all Festo Automation Suite installations and any bundled or separately installed CODESYS components.
- Upgrade Festo Automation Suite to version 2.8.0.138 or later where CODESYS is no longer bundled.
- Install the latest patched CODESYS release directly from the official CODESYS website and follow the vendor update instructions.
- Keep the Festo Automation Suite connector up to date by applying Festo-released updates as they become available.
- Use CISA ICS recommended practices such as network segmentation and minimizing unnecessary exposure of OT engineering systems.
- Monitor CODESYS and Festo advisories for follow-on fixes or compatibility notes.
Evidence notes
The source advisory states that an unauthenticated, remote attacker can guess a valid channel ID, inject packets, and close the communication channel. The advisory's CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, matching a network-reachable availability-only disruption. The remediation text says that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and customers should install the latest patched CODESYS release directly from the official CODESYS site. The supplied metadata also shows CISA republished the Festo SE & Co. KG FSA-202601 advisory, and the vendor attribution in the prompt metadata is inconsistent with the advisory content, so treat product attribution with care.
Official resources
-
CVE-2022-22517 CVE record
CVE.org
-
CVE-2022-22517 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE published 2026-02-26 and modified 2026-03-17. The CISA CSAF advisory republishes Festo SE & Co. KG FSA-202601 content; no KEV listing is indicated in the supplied corpus.