PatchSiren cyber security CVE debrief
CVE-2022-4224 CODESYS CVE debrief
CVE-2022-4224 is a high-severity industrial software flaw affecting CODESYS v3 components used with Festo Automation Suite. According to the CISA advisory, a remote user with low privileges could read and modify system files and OS resources or cause a denial of service on the device.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS administrators, automation engineers, and security teams responsible for Festo Automation Suite installations or CODESYS v3 components, especially where remote access or engineering workstation privileges are present.
Technical summary
The supplied CISA CSAF advisory (ICSA-26-076-01) describes a vulnerability in multiple CODESYS v3 products that can be reached by a remote, low-privileged user. Impact includes unauthorized read/modify access to system files and OS resources, plus denial of service. The advisory maps the issue to Festo Automation Suite deployments, including versions older than 2.8.0.138 and specific bundled CODESYS Development System releases listed by the vendor.
Defensive priority
High. Prioritize remediation if affected Festo Automation Suite or bundled CODESYS v3 components are present, because the flaw is network-reachable, requires only low privileges, and affects confidentiality, integrity, and availability.
Recommended defensive actions
- Upgrade Festo Automation Suite to version 2.8.0.138 or later; the advisory states that starting with 2.8.0.138, CODESYS is no longer bundled with the suite.
- Install the latest patched CODESYS release directly from the official CODESYS website and follow the vendor’s update guidance.
- Apply Festo connector updates and continue monitoring Festo and CODESYS security advisories for follow-on fixes.
- Review asset inventory for the affected combinations named in the advisory, including older Festo Automation Suite releases and bundled CODESYS Development System versions.
- Limit low-privileged remote access to OT/engineering systems and segment networks to reduce exposure while patching is planned.
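As an added example that is not part of the advisory or any vendor tooling, the following script turns the asset-inventory check above into code: it flags hosts running Festo Automation Suite older than 2.8.0.138 or a CODESYS Development System release named in ICSA-26-076-01. The hostnames, inventory layout and sample versions are constructed for illustration.

```python
"""Inventory triage for CVE-2022-4224 (CODESYS v3 bundled with Festo Automation Suite).

Versions are compared numerically, so "2.10.0.1" is correctly treated as newer
than "2.8.0.138" (a plain string comparison would get this wrong).
"""
from typing import Optional

# Thresholds and release list as summarised from the advisory on this page.
FIXED_SUITE_VERSION = "2.8.0.138"
AFFECTED_CODESYS_DEV_SYSTEM = {"3.0", "3.5.16.10", "3.5.21.20"}


def parse_version(text: str) -> tuple:
    """Turn '2.8.0.138' into (2, 8, 0, 138) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))


def suite_is_affected(suite_version: str) -> bool:
    """Festo Automation Suite older than 2.8.0.138 still bundles a vulnerable CODESYS."""
    return parse_version(suite_version) < parse_version(FIXED_SUITE_VERSION)


def codesys_is_affected(codesys_version: Optional[str]) -> bool:
    """True when the installed CODESYS Development System is a release named in the advisory."""
    return codesys_version is not None and codesys_version.strip() in AFFECTED_CODESYS_DEV_SYSTEM


def triage(inventory: list) -> list:
    """Return (host, reason) pairs for every host that needs the advisory's remediation."""
    findings = []
    for host in inventory:
        reasons = []
        if suite_is_affected(host["suite"]):
            reasons.append(f"Festo Automation Suite {host['suite']} is older than {FIXED_SUITE_VERSION}")
        if codesys_is_affected(host.get("codesys")):
            reasons.append(f"CODESYS Development System {host['codesys']} is listed in ICSA-26-076-01")
        if reasons:
            findings.append((host["name"], "; ".join(reasons)))
    return findings


# Constructed sample inventory: hypothetical hostnames and versions, not real hosts.
SAMPLE_INVENTORY = [
    {"name": "eng-ws-01", "suite": "2.7.0.102", "codesys": "3.5.16.10"},
    {"name": "eng-ws-02", "suite": "2.8.0.138", "codesys": None},
    {"name": "eng-ws-03", "suite": "2.8.1.5", "codesys": "3.5.21.20"},
    {"name": "eng-ws-04", "suite": "2.10.0.1", "codesys": None},
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_INVENTORY):
        print(f"{name}: {reason}")
```

Feed it the real inventory export as a list of dicts with the same keys; a host with a patched suite but a standalone affected CODESYS release is still flagged, since the vulnerable component is CODESYS itself.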
Evidence notes
CISA’s CSAF advisory ICSA-26-076-01 republishes the Festo advisory chain and names affected products including Festo Automation Suite versions older than 2.8.0.138 and bundled CODESYS Development System releases 3.0, 3.5.16.10, and 3.5.21.20. The advisory states that a remote low-privileged user could read and modify system files and OS resources or trigger a DoS. The supplied remediations recommend moving to Festo Automation Suite 2.8.0.138+ and installing patched CODESYS directly from the official vendor site.
Official resources
- CVE-2022-4224 CVE record (CVE.org)
- CVE-2022-4224 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-26-076-01 (cisa_csaf)
Timing context in the supplied corpus shows the CISA advisory published on 2026-02-26 and republished/updated on 2026-03-17; those dates are advisory timeline markers, not observed exploit dates. No KEV entry was provided in the supplied En