PatchSiren cyber security CVE debrief

CVE-2022-32137 CODESYS CVE debrief

CVE-2022-32137 affects multiple CODESYS products used with Festo Automation Suite. A low-privileged remote attacker can craft a request that triggers a heap-based buffer overflow, which may cause denial of service or memory overwrite. The advisory states that no user interaction is required, and the CVSS score is 8.8 (High).

Vendor: CODESYS
Product: FESTO
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

Industrial automation and OT teams running Festo Automation Suite deployments that include CODESYS components, along with system integrators and patch managers responsible for those environments. This is especially important where remote access exists, because the issue is network-reachable and can affect availability and memory integrity.

Technical summary

The source advisory (ICSA-26-076-01) describes a heap-based buffer overflow in multiple CODESYS products associated with Festo Automation Suite. The attack condition is low-privilege and remote, and it can be triggered by crafting a request. Impact includes denial of service and possible memory overwrite. The advisory text indicates no user interaction is required. The product list in the source is bundle-specific and includes Festo Automation Suite versions below 2.8.0.138 and related CODESYS Development System components.

Defensive priority

High. The issue is remotely reachable, requires only low privileges, and has high-severity CVSS impact with both availability and integrity implications. In OT environments, memory overwrite conditions and service disruption should be remediated promptly or tightly contained until updates are applied.

Recommended defensive actions

  • Identify all Festo Automation Suite installations and determine which CODESYS components are present.
  • Apply the latest patched CODESYS release from the official CODESYS vendor guidance.
  • Follow the vendor-provided installation and update instructions to ensure all security fixes are applied.
  • Keep the Festo Automation Suite connector up to date with the latest Festo releases.
  • Monitor Festo and CODESYS security advisories regularly and prioritize prompt patching in OT environments.
  • If immediate updating is not possible, restrict network access to affected systems and minimize privileged remote paths.

Evidence notes

The supplied source is a CISA CSAF republication of vendor advisory FSA-202601, titled 'CODESYS in Festo Automation Suite.' It was initially published on 2026-02-26 and republished and updated on 2026-03-17. The advisory states that a low-privileged remote attacker can craft a request that causes a heap-based buffer overflow, resulting in denial of service or memory overwrite, and that no user interaction is required. The intake vendor label is low-confidence and does not cleanly match the advisory text; the evidence points to Festo Automation Suite and its CODESYS components rather than to a standalone product named FESTO.

Official resources

CISA published the advisory on 2026-02-26 and republished it on 2026-03-17. The advisory identifies the issue as affecting multiple CODESYS products in Festo Automation Suite and notes that exploitation does not require user interaction.