PatchSiren cyber security CVE debrief
CVE-2022-47378 CODESYS CVE debrief
CVE-2022-47378 is an authenticated remote denial-of-service vulnerability caused by improper input validation in multiple CODESYS products used in the Festo Automation Suite ecosystem. According to the CISA-republished advisory, an attacker with valid access can craft specific requests that trigger a service disruption. The issue was published on 2026-02-26 and later republished/updated on 2026-03-17 with the initial CISA republication of the Festo advisory.
- Vendor
- CODESYS
- Product
- FESTO
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-03-17
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-03-17
Who should care
OT/ICS operators, engineering teams, and asset owners running Festo Automation Suite deployments that include bundled CODESYS components should review exposure. Security teams responsible for industrial engineering workstations and remote-access paths should also pay attention because exploitation requires authentication but can still cause operational downtime.
Technical summary
The advisory describes an improper input validation flaw in multiple CODESYS products. The practical impact is denial of service only: a remote authenticated attacker may send crafted requests that cause the affected component to stop functioning or become unavailable. CISA’s advisory ties the issue to Festo Automation Suite versions below 2.8.0.138 and to bundled CODESYS Development System components listed in the source record. No confidentiality or integrity impact is indicated in the supplied material.
Defensive priority
Medium. The vulnerability is network-reachable and can disrupt availability, but it requires authentication and is not marked as KEV. Prioritize remediation for exposed engineering environments and any systems where downtime would affect operations.
Recommended defensive actions
- Inventory Festo Automation Suite installations and identify whether they include the CODESYS components named in the advisory.
- Upgrade to the latest patched CODESYS release from the official CODESYS website, following the vendor’s installation and update guidance.
- Apply Festo Automation Suite updates promptly, and confirm the connector remains current with vendor releases.
- Review access controls around engineering workstations and remote administration paths so authenticated access is limited to trusted users.
- Monitor CODESYS and Festo security advisories for follow-on updates or revised remediation guidance.
Evidence notes
The source corpus states that multiple CODESYS products in multiple versions are affected by improper input validation and that an authenticated remote attacker can craft requests leading to denial of service. The CISA source item republished the Festo advisory on 2026-02-26 and recorded a republication update on 2026-03-17. The advisory metadata also lists remediation guidance to update CODESYS separately and keep the Festo Automation Suite connector current. Vendor attribution in the supplied data is low-confidence and should be reviewed; the most reliable scope signal is the CISA advisory title and its referenced Festo/CODESYS remediation language.
Official resources
-
CVE-2022-47378 CVE record
CVE.org
-
CVE-2022-47378 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the supplied advisory corpus on 2026-02-26, with a source republication/update on 2026-03-17. This debrief uses those advisory dates and does not treat generation time as the disclosure date.