PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-32141 CODESYS CVE debrief

CVE-2022-32141 affects multiple CODESYS products as republished in CISA’s ICSA-26-076-01 advisory for Festo Automation Suite. A remote attacker with low privileges can craft a request with an invalid offset, causing an internal buffer over-read and a denial-of-service condition. No user interaction is required. The advisory’s remediation focuses on using patched CODESYS releases and keeping Festo Automation Suite components current.

Vendor: CODESYS
Product: FESTO
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

Operators and administrators of Festo Automation Suite installations that include CODESYS components, especially industrial and OT environments. Security teams responsible for patching, change control, and vendor advisory tracking should treat this as relevant because the issue is remotely reachable and can disrupt availability.

Technical summary

The advisory describes a buffer over-read in multiple CODESYS products. The attack condition is a crafted request containing an invalid offset, which can trigger out-of-bounds read behavior and lead to denial of service. The published CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, reflecting network exposure, low privilege requirements, and high availability impact with no confidentiality or integrity impact stated in the advisory.
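As an added illustration of the defect class the advisory describes (this is not CODESYS code, and the message layout is not the CODESYS wire format), the C program below parses a constructed request whose header carries an offset and a length into a payload. It places the flawed bounds test that lets an invalid offset through beside the check that rejects it, which is the behaviour a parser needs so that a malformed request is dropped instead of reading past its buffer. The header format, the function names and the sample requests are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed message layout, for illustration only (it is NOT the CODESYS
 * wire format): a 4-byte header holding a little-endian 16-bit field offset
 * and a 16-bit field length, followed by the payload the offset refers to.
 */
#define HDR_LEN 4u

static size_t read_le16(const uint8_t *p)
{
    return (size_t)p[0] | ((size_t)p[1] << 8);
}

/* Flawed bounds test: offset and length are each compared with the payload
 * size but never together, so offset=7,len=4 on an 8-byte payload passes and
 * a copy that trusts it reads 3 bytes past the end of the buffer. */
int field_fits_flawed(size_t offset, size_t len, size_t payload_len)
{
    return offset < payload_len && len <= payload_len;
}

/* Correct bounds test, written so the arithmetic cannot wrap: the field must
 * start inside (or at the end of) the payload, and the bytes from there to
 * the end must hold the whole field. */
int field_fits(size_t offset, size_t len, size_t payload_len)
{
    return offset <= payload_len && len <= payload_len - offset;
}

/* Parse one message and copy the addressed field into out.
 * Returns the field length, or -1 when the request is malformed; -1 is where
 * a server should reject the request rather than read past its buffer. */
int extract_field(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap)
{
    if (msg_len < HDR_LEN)
        return -1;                       /* header truncated */
    size_t offset = read_le16(msg);
    size_t len = read_le16(msg + 2);
    size_t payload_len = msg_len - HDR_LEN;
    if (!field_fits(offset, len, payload_len))
        return -1;                       /* invalid offset or length: reject */
    if (len > out_cap)
        return -1;                       /* caller's buffer too small */
    memcpy(out, msg + HDR_LEN + offset, len);
    return (int)len;
}

/* Convenience wrapper: parse into a scratch buffer and return only the verdict
 * (field length or -1), so a caller can classify a request without a buffer. */
int classify_request(const uint8_t *msg, size_t msg_len)
{
    uint8_t scratch[UINT16_MAX + 1];
    return extract_field(msg, msg_len, scratch, sizeof scratch);
}

int main(void)
{
    /* Constructed requests: a well-formed one, and one whose offset is invalid. */
    const uint8_t good[] = { 0x02, 0x00, 0x03, 0x00, 'a','b','c','d','e','f','g','h' };
    const uint8_t bad[]  = { 0x07, 0x00, 0x04, 0x00, 'a','b','c','d','e','f','g','h' };
    uint8_t out[16] = {0};

    int n = extract_field(good, sizeof good, out, sizeof out);
    printf("good request: %d bytes copied (%.*s)\n", n, n, (const char *)out);
    printf("bad request: %d\n", classify_request(bad, sizeof bad));
    printf("flawed check would accept the bad offset: %d, correct check: %d\n",
           field_fits_flawed(7, 4, 8), field_fits(7, 4, 8));
    return 0;
}
```

The check in field_fits is written as `len <= payload_len - offset` rather than `offset + len <= payload_len` on purpose: the subtraction is guarded by the preceding `offset <= payload_len`, so it cannot wrap, whereas the addition can overflow for large attacker-supplied values and pass the comparison.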

Defensive priority

Medium. The issue is availability-focused and remotely reachable, so it matters in OT environments where service interruption can affect engineering workflows or connected operations. Priority increases if affected Festo Automation Suite deployments are internet-reachable, broadly exposed on trusted networks, or slow to patch.

Recommended defensive actions

  • Update CODESYS to the latest patched version from the official CODESYS website.
  • Follow the vendor’s installation and update instructions so all security fixes are applied.
  • Keep Festo Automation Suite updated, including the connector, by installing FAS updates as released by Festo.
  • Review installed versions against the advisory scope, especially Festo Automation Suite versions below 2.8.0.138 and bundled CODESYS components.
  • Monitor CODESYS and Festo security advisories regularly and apply updates promptly.
  • Validate that OT segmentation and access controls limit exposure of engineering systems that may host the affected software.
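To support the version-review step above, here is an added C example (not Festo or CODESYS tooling) that compares dotted version strings numerically against the 2.8.0.138 threshold named in the advisory. The inventory values are constructed, and the function names are assumptions for this example. It also shows why a plain string comparison gets this check wrong.

```c
#include <stdio.h>
#include <string.h>

/* Advisory scope threshold: Festo Automation Suite builds below this are in
 * scope for review. */
#define FAS_THRESHOLD "2.8.0.138"

/* Read one numeric component and step past the following '.'.
 * A non-digit where a component should be ends parsing of that string. */
static long next_component(const char **s)
{
    long v = 0;
    while (**s >= '0' && **s <= '9') {
        v = v * 10 + (**s - '0');
        (*s)++;
    }
    if (**s == '.')
        (*s)++;
    else if (**s)
        *s += strlen(*s);   /* unexpected character: treat the rest as absent */
    return v;
}

/* Compare dotted numeric versions component by component; result like strcmp.
 * Missing trailing components count as 0, so "2.8" equals "2.8.0.0". */
int version_cmp(const char *a, const char *b)
{
    while (*a || *b) {
        long x = next_component(&a);
        long y = next_component(&b);
        if (x != y)
            return x < y ? -1 : 1;
    }
    return 0;
}

/* 1 if an installed FAS version is below the advisory threshold. */
int fas_in_scope(const char *installed)
{
    return version_cmp(installed, FAS_THRESHOLD) < 0;
}

/* Count how many of n inventory entries are in scope. */
size_t count_in_scope(const char *const *versions, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += fas_in_scope(versions[i]) ? 1 : 0;
    return hits;
}

int main(void)
{
    /* Constructed inventory: versions as they might be reported per host. */
    const char *const inventory[] = { "2.7.0.512", "2.8.0.99", "2.8.0.138", "2.9.1" };
    size_t n = sizeof inventory / sizeof inventory[0];

    for (size_t i = 0; i < n; i++)
        printf("%-10s %s\n", inventory[i],
               fas_in_scope(inventory[i]) ? "below threshold" : "ok");
    printf("%zu of %zu in scope\n", count_in_scope(inventory, n), n);

    /* Why a plain string compare is wrong: lexicographically "99" > "138". */
    printf("strcmp says 2.8.0.99 %s 2.8.0.138; numeric compare says %s\n",
           strcmp("2.8.0.99", "2.8.0.138") > 0 ? ">" : "<",
           version_cmp("2.8.0.99", "2.8.0.138") < 0 ? "<" : ">");
    return 0;
}
```

Note that the threshold only identifies builds that still bundle CODESYS; hosts at or above 2.8.0.138 still need the separately installed CODESYS release checked against the vendor's patched versions.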

Evidence notes

CISA’s CSAF advisory ICSA-26-076-01 states: “Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.” The remediation text says that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be downloaded separately, and customers should install the latest patched CODESYS release and keep FAS up to date. Timeline context supplied with the advisory shows initial publication on 2026-02-26 and republication/modified content on 2026-03-17.

Official resources

CISA CSAF advisory ICSA-26-076-01 was initially published on 2026-02-26 and modified/republished on 2026-03-17. The source corpus ties the issue to CODESYS components used in Festo Automation Suite.