PatchSiren cyber security CVE debrief
CVE-2022-47379 CODESYS CVE debrief
CVE-2022-47379 is an authenticated remote memory-corruption issue in multiple CODESYS products used with Festo Automation Suite. CISA’s advisory says the flaw can be used to write data into memory, potentially causing denial of service, memory overwriting, or remote code execution. The safest response is to update Festo Automation Suite and the separately installed CODESYS components to patched versions and review exposed authenticated remote access paths.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
Festo Automation Suite users, OT/ICS administrators, and engineering teams running CODESYS-based installations should care most, especially where authenticated remote access to the affected environment is exposed.
Technical summary
The advisory describes an out-of-bounds write in multiple CODESYS products across multiple versions. The issue is reachable by an authenticated remote attacker and may permit arbitrary memory writes, which can lead to service interruption, memory corruption, or remote code execution. The source advisory ties affected configurations to Festo Automation Suite versions below 2.8.0.138 and notes that starting with 2.8.0.138, CODESYS is no longer bundled and must be downloaded and installed separately. The remediation guidance emphasizes installing the latest patched CODESYS release from the official vendor and keeping the Festo Automation Suite connector updated.
Defensive priority
High
Recommended defensive actions
- Upgrade Festo Automation Suite to version 2.8.0.138 or later.
- Install the latest patched CODESYS release directly from the official CODESYS website.
- Apply vendor security updates promptly for both Festo and CODESYS components.
- Review and reduce exposure of authenticated remote access paths used for engineering or administration.
- Follow CISA ICS recommended practices for segmentation, least privilege, and defense in depth.
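The following triage sketch is an added example, not code from the advisory, Festo, or CODESYS. It sorts an asset inventory by the 2.8.0.138 threshold given above and keeps hosts at or above that build in a "verify-codesys" state, because CODESYS is installed separately from that release on. The inventory columns, host names, and status labels are assumptions, and the sample data is constructed.

```python
import csv
import io

FIXED_FAS = (2, 8, 0, 138)  # first Festo Automation Suite build named as fixed on this page

# Constructed sample inventory; host names and column names are assumptions.
SAMPLE_INVENTORY = """host,fas_version,remote_access
eng-ws-01,2.7.1.12,yes
eng-ws-02,2.8.0.138,no
eng-ws-03,2.8.0.137,no
eng-ws-04,2.10.0.5,yes
eng-ws-05,unknown,yes
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a dotted numeric version."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts][:4]
    return tuple(nums + [0] * (4 - len(nums)))

def classify(fas_version):
    """Map a Festo Automation Suite version string to a triage status."""
    v = parse_version(fas_version)
    if v is None:
        return "unknown"         # version not parsable; inspect the host by hand
    if v < FIXED_FAS:            # numeric compare, so 2.10.x sorts above 2.8.x
        return "affected"        # below 2.8.0.138: in scope of the advisory
    return "verify-codesys"      # FAS updated, CODESYS patch level still to confirm

def triage(inventory_csv):
    """Return (host, status, remote_access_exposed) rows, most urgent first."""
    rank = {"affected": 0, "unknown": 1, "verify-codesys": 2}
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        exposed = rec["remote_access"].strip().lower() == "yes"
        rows.append((rec["host"], classify(rec["fas_version"]), exposed))
    # Within one status, hosts with remote access exposed are listed first.
    return sorted(rows, key=lambda r: (rank[r[1]], not r[2], r[0]))

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status:15} remote_access={'yes' if exposed else 'no'}")
```

This page does not state a fixed CODESYS version, so the "verify-codesys" rows need a manual check against the vendor's current release.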
Evidence notes
CISA ICS advisory ICSA-26-076-01 was published on 2026-02-26 and republished on 2026-03-17 from Festo SE & Co. KG advisory FSA-202601. The advisory text states that an authenticated remote attacker may exploit an out-of-bounds write in multiple CODESYS products to write into memory, leading to denial of service, memory overwriting, or remote code execution. The remediation section says Festo Automation Suite 2.8.0.138 no longer bundles CODESYS and customers should install patched CODESYS directly from the official site and keep the FAS connector updated. The supplied vendor metadata is low-confidence; the source material identifies Festo Automation Suite/CODESYS.
Official resources
- CVE-2022-47379 CVE record (CVE.org)
- CVE-2022-47379 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA ICS Advisory ICSA-26-076-01 on 2026-02-26, with a CISA republication of the Festo advisory on 2026-03-17.