PatchSiren


CVE-2022-31803 CODESYS CVE debrief

CVE-2022-31803 affects deployments of FESTO’s “CODESYS provided by Festo” product and is described by CISA as a flaw in CODESYS Gateway Server V2 that lets an unauthenticated attacker consume all available TCP connections. The impact is availability-only: legitimate users or clients may be unable to establish new connections, while existing connections remain intact. CISA’s CSAF advisory rates the issue medium severity (CVSS 5.3) and lists password protection at login as the mitigation when no controller password is configured.

Vendor: CODESYS
Product: Software
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-03
Original CVE updated: 2024-12-03
Advisory published: 2024-12-03
Advisory updated: 2024-12-03

Who should care

Organizations operating FESTO’s “CODESYS provided by Festo” / CODESYS Gateway Server V2 should pay attention, especially where the gateway is used for remote administration or operational connectivity. OT/ICS teams should care because connection exhaustion can interrupt new sessions without taking down established ones.

Technical summary

The advisory states that an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections on CODESYS Gateway Server V2. According to the source, this prevents legitimate users or clients from establishing new connections, while existing connections remain unaffected. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Defensive priority

Medium priority. The issue is network-reachable and unauthenticated, but the impact is limited to availability and does not affect existing connections, confidentiality, or integrity.

Recommended defensive actions

  • Follow the FESTO/CISA advisory for the affected product and apply the listed mitigation: enable password protection at login if no password is set at the controller.
  • Make sure the password configuration file is included in backup and restore procedures, since the advisory notes it is not covered by the default FFT backup and restore mechanism.
  • Restrict access to the gateway server to trusted management or operational networks where possible.
  • Monitor for unusual TCP connection growth, repeated connection attempts, or signs that the gateway is reaching connection limits.
  • Validate operational resilience so critical workflows can tolerate temporary loss of new gateway connections.
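
One way to implement the connection-growth monitoring item above, as an added example that is not taken from the advisory or from vendor tooling: it counts established sessions on the gateway port from `netstat -an` style output and flags both the total and any single remote address holding many sessions. The port number, the warning thresholds and the sample output are assumptions constructed for illustration; replace them with the values of the deployment being monitored.

```python
from collections import Counter

# Assumptions, not advisory values: set these for your own deployment.
GATEWAY_PORT = 1211   # assumed gateway listening port
TOTAL_WARN = 6        # assumed warning level for all sessions together
PER_PEER_WARN = 3     # assumed warning level for a single remote address

# Constructed sample in Windows `netstat -an` layout (documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1211           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1211        192.0.2.21:50112       ESTABLISHED
  TCP    192.0.2.10:1211        192.0.2.22:50340       ESTABLISHED
  TCP    192.0.2.10:1211        198.51.100.7:41001     ESTABLISHED
  TCP    192.0.2.10:1211        198.51.100.7:41002     ESTABLISHED
  TCP    192.0.2.10:1211        198.51.100.7:41003     ESTABLISHED
  TCP    192.0.2.10:1211        198.51.100.7:41004     ESTABLISHED
  TCP    192.0.2.10:1211        192.0.2.23:50991       TIME_WAIT
  TCP    192.0.2.10:49702       192.0.2.30:445         ESTABLISHED
"""

def gateway_sessions(netstat_text, port=GATEWAY_PORT):
    """Count ESTABLISHED inbound sessions on `port`, keyed by remote address."""
    peers = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        local, remote = fields[1], fields[2]
        # rpartition splits on the last colon, so IPv6 literals stay intact.
        if local.rpartition(":")[2] != str(port):
            continue
        peers[remote.rpartition(":")[0]] += 1
    return peers

def assess(peers, total_warn=TOTAL_WARN, per_peer_warn=PER_PEER_WARN):
    """Return alert strings when session counts reach the warning levels."""
    alerts = []
    total = sum(peers.values())
    if total >= total_warn:
        alerts.append(f"gateway has {total} sessions (warn at {total_warn})")
    for addr, count in sorted(peers.items()):
        if count >= per_peer_warn:
            alerts.append(f"{addr} holds {count} sessions (warn at {per_peer_warn})")
    return alerts

if __name__ == "__main__":
    for alert in assess(gateway_sessions(SAMPLE)):
        print(alert)
```

Run on a schedule against fresh `netstat -an` output, the per-address count helps separate one host accumulating sessions from ordinary growth across many clients.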

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-182-03 (source item ID source_item_16d9c8b9-77f4-4ed8-badb-c5e968a27bcd), which identifies vendor FESTO and the affected product as “CODESYS provided by Festo all versions.” The advisory description explicitly states that an insufficient check for TCP client connection activity allows an unauthenticated attacker to consume all available TCP connections. The source corpus also includes a same-day revision history showing version 2.0.0 corrected one reference. The published and modified timestamps supplied with the CVE and source item are both 2024-12-03T11:00:00.000Z.

Official resources

Public disclosure is reflected in the CISA CSAF advisory ICSA-25-182-03 dated 2024-12-03. The source corpus shows an initial version 1.0.0 and a same-day 2.0.0 revision that corrected one reference.