PatchSiren cyber security CVE debrief
CVE-2022-31805 CODESYS CVE debrief
CVE-2022-31805 describes unprotected password transmission in multiple CODESYS Development System components used in the Festo Automation Suite advisory scope. CISA republished the vendor material as ICSA-26-076-01, and the published CVSS vector rates the issue 7.5 HIGH with network exposure and a confidentiality-only impact profile.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS administrators, Festo Automation Suite users, and teams managing CODESYS Development System deployments should care most, especially where client-server traffic may traverse shared or less-trusted networks.
Technical summary
The source advisory states that multiple components in multiple versions of the CODESYS Development System transmit the passwords used for client-server communication unprotected. The published CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates a remotely reachable issue that requires no privileges or user interaction and can expose sensitive information. The advisory scope includes Festo Automation Suite versions below 2.8.0.138 and associated CODESYS version combinations named in the source metadata.
Defensive priority
High. Although the vector records no integrity or availability impact, this is a remotely reachable credential-exposure issue, so it should be prioritized for remediation in any environment using the affected Festo/CODESYS product combinations.
Recommended defensive actions
- Inventory Festo Automation Suite and CODESYS Development System installations to identify the exact versions and product combinations named in the advisory.
- Upgrade to the latest patched CODESYS release from the official CODESYS website and apply the latest Festo Automation Suite updates.
- For Festo Automation Suite 2.8.0.138 and later, confirm the CODESYS component is obtained and maintained separately as described by the vendor.
- Review network segmentation and limit exposure of client-server communication paths used by these tools.
- Monitor CODESYS and Festo security advisories for follow-on fixes or compatibility guidance.
- If you determine credentials may have been exposed in transit, consider password changes and review related access.
- Use secure transport controls and defense-in-depth measures for OT environments where these components are deployed.
Evidence notes
Primary evidence comes from CISA's CSAF advisory ICSA-26-076-01, which republishes Festo's FSA-202601 material and states: 'In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.' The source also provides the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The provided vendor mapping in the corpus is low-confidence and flagged for review, so this debrief relies on the advisory's product names and the cited official references rather than the placeholder vendor field.
Official resources
- CVE-2022-31805 CVE record (CVE.org)
- CVE-2022-31805 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the CSAF advisory on 2026-02-26 and republished it on 2026-03-17. Those dates are used here only as advisory context and are not treated as the original discovery date of the vulnerability.