PatchSiren cyber security CVE debrief
CVE-2022-22519 CODESYS CVE debrief
CVE-2022-22519 is a high-severity availability issue in the CODESYS Control runtime system as distributed with Festo Automation Suite. According to the CISA CSAF advisory, a remote unauthenticated attacker can send a specific crafted HTTP or HTTPS request that causes a buffer over-read and crashes the webserver. The advisory was published by CISA on 2026-02-26 and republished/updated on 2026-03-17; the CVE identifier itself remains CVE-2022-22519.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-09-30
- Original CVE updated: 2025-11-13
- Advisory published: 2025-09-30
- Advisory updated: 2025-11-13
Who should care
Operators, engineers, and security teams responsible for Festo Automation Suite deployments that include CODESYS components, especially OT/ICS environments that expose the webserver or rely on the runtime for availability.
Technical summary
The advisory describes a network-reachable flaw with no authentication requirement: crafted HTTP or HTTPS requests can trigger a buffer over-read in the CODESYS Control runtime webserver, resulting in a crash. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 HIGH), indicating no direct confidentiality or integrity impact in the supplied record, but a significant availability impact. The source advisory lists affected Festo Automation Suite/CODESYS combinations, including versions below 2.8.0.138 and specific bundled CODESYS Development System builds.
Defensive priority
High priority: patch and validate affected Festo Automation Suite/CODESYS deployments promptly, because the issue is remotely reachable, unauthenticated, and can crash an operational webserver.
Recommended defensive actions
- Identify Festo Automation Suite installations that include CODESYS components listed in the advisory, including versions below 2.8.0.138 and the specific bundled CODESYS Development System builds referenced by the vendor
- Install the latest patched CODESYS release directly from the official CODESYS website, following the vendor's installation and update instructions
- Update Festo Automation Suite connectors and apply Festo-released updates as they become available
- Review whether the affected webserver or management interface is exposed more broadly than necessary and restrict access to trusted management networks
- Monitor CISA, Festo PSIRT, and CERT VDE advisories for follow-on updates or revised remediation guidance
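The first and fourth actions above (find installs below 2.8.0.138, and check how widely the webserver is reachable) are the ones an asset owner can script against an inventory. The block below is an added helper, not tooling from Festo, CODESYS or CISA; it compares Festo Automation Suite version strings against the 2.8.0.138 threshold the advisory states (it does not know the separately listed bundled CODESYS Development System builds, which still have to be checked against the advisory by hand) and ranks affected hosts by network exposure. The host names, versions and zone labels are constructed sample data.

```python
"""Flag Festo Automation Suite installs below the patched version line and rank by exposure.

Added helper (not Festo's or CODESYS's own tooling). The only threshold it knows
is the one the advisory states, 2.8.0.138; the inventory is constructed sample data.
"""
from typing import NamedTuple, List, Tuple

# From the advisory: Festo Automation Suite versions below this are affected.
PATCHED_FAS_VERSION = "2.8.0.138"

def parse_version(text: str) -> tuple:
    """Turn '2.8.0.138' into (2, 8, 0, 138). Shorter strings are right-padded with
    zeros so '2.8' compares as 2.8.0.0; a non-numeric segment raises ValueError."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

class Host(NamedTuple):
    name: str
    fas_version: str
    webserver_reachable_from: str   # network zone that can reach the HTTP(S) listener

def is_affected(version: str) -> bool:
    """True when the installed version is strictly below the patched release."""
    return parse_version(version) < parse_version(PATCHED_FAS_VERSION)

def triage(hosts: List[Host]) -> List[Tuple[str, str]]:
    """Return (host, reason) for every host needing action, most urgent first:
    an affected host whose webserver is reachable from outside the OT
    management zone ('ot-mgmt', an assumed zone label) ranks ahead of one
    that is only reachable from that zone."""
    ranked = []
    for h in hosts:
        if not is_affected(h.fas_version):
            continue
        exposed = h.webserver_reachable_from != "ot-mgmt"
        reason = f"version {h.fas_version} < {PATCHED_FAS_VERSION}, webserver reachable from {h.webserver_reachable_from}"
        ranked.append((0 if exposed else 1, h.name, reason))
    ranked.sort()
    return [(name, reason) for _, name, reason in ranked]

# Constructed sample inventory (hypothetical host names, versions and zones).
SAMPLE_HOSTS = [
    Host("plc-line1", "2.7.3.100", "corp-lan"),
    Host("plc-line2", "2.8.0.138", "ot-mgmt"),
    Host("plc-line3", "2.8", "ot-mgmt"),
    Host("eng-ws-04", "2.8.1.2", "corp-lan"),
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_HOSTS):
        print(f"{name}: {reason}")
```

On the sample inventory this reports `plc-line1` first (affected and reachable from the corporate LAN) and `plc-line3` second (affected, but only reachable from the OT management zone); the host exactly at 2.8.0.138 and the one above it are not flagged.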
Evidence notes
Primary evidence comes from the CISA CSAF source item for ICSA-26-076-01, which states that a remote unauthenticated attacker can send crafted HTTP or HTTPS requests causing a buffer over-read and webserver crash in the CODESYS Control runtime system. The same source lists the affected Festo Automation Suite/CODESYS product combinations and recommends obtaining patched CODESYS directly from the official vendor. The supplied vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) supports a focused availability-impact assessment.
Official resources
- CVE-2022-22519 CVE record (CVE.org)
- CVE-2022-22519 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA CSAF advisory ICSA-26-076-01 was published on 2026-02-26 and republished/updated on 2026-03-17, based on the Festo advisory for Festo Automation Suite and CODESYS components. No KEV entry was supplied in the corpus.