PatchSiren cyber security CVE debrief
CVE-2022-47380 CODESYS CVE debrief
CVE-2022-47380 is a high-severity memory corruption issue affecting multiple CODESYS product versions used in Festo Automation Suite. According to the advisory, an authenticated remote attacker may trigger a stack-based out-of-bounds write, which can cause denial of service, memory overwriting, or remote code execution. The primary defensive takeaway is to ensure affected Festo Automation Suite deployments and any separately installed CODESYS components are updated using the vendor’s patched releases and installation guidance.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS administrators, automation engineers, Festo Automation Suite users, CODESYS integrators, and vulnerability/patch management teams responsible for engineering workstations or systems that use the affected software components.
Technical summary
The advisory describes an authenticated remote stack-based out-of-bounds write in multiple CODESYS products and versions associated with Festo Automation Suite. The flaw can write data into the stack, creating a path to denial of service, memory corruption, and potentially remote code execution. Festo’s mitigation guidance says that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be downloaded and installed separately; customers should install the latest patched CODESYS release from the official CODESYS website, follow vendor update instructions, and keep the Festo Automation Suite connector current.
Defensive priority
High priority for any environment using Festo Automation Suite or bundled/separately installed CODESYS components, especially where engineering systems are operationally critical or patching is delayed.
Recommended defensive actions
- Identify all installations of Festo Automation Suite and any associated CODESYS components.
- Determine whether affected versions are present, including Festo Automation Suite versions earlier than 2.8.0.138 and the CODESYS versions named in the advisory.
- Apply the vendor-recommended updates for Festo Automation Suite and install the latest patched CODESYS release from the official CODESYS source.
- Follow the installation and update procedures provided by CODESYS to ensure security fixes are fully applied.
- Keep the Festo Automation Suite connector updated with the latest Festo releases.
- Review local access controls for systems running these components, since exploitation requires authentication.
- Monitor vendor and CISA advisories for follow-up revisions or related guidance.
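The version check in the actions above is easy to get wrong when version strings are compared as text ("2.10.0.1" sorts before "2.8.0.138" alphabetically). The following triage helper is an added example, not part of the PatchSiren debrief or of any Festo or CODESYS tooling: it parses dotted versions numerically, flags Festo Automation Suite installations earlier than 2.8.0.138 (the version from which CODESYS is no longer bundled), and lists every CODESYS component for comparison against the fixed versions named in the vendor advisory, which this page does not enumerate. The inventory records, host names and CODESYS version string are constructed sample data; how an inventory is exported from the engineering workstations is outside the example.

```python
"""Triage an installed-software inventory against the Festo Automation Suite
/ CODESYS advisory threshold (added example; sample data is constructed)."""
from dataclasses import dataclass

# From the advisory: Festo Automation Suite 2.8.0.138 and later no longer
# bundle CODESYS; earlier builds carry a bundled copy that must be updated.
FAS_UNBUNDLED_FROM = (2, 8, 0, 138)


def parse_version(text, width=4):
    """Turn '2.8.0.138' into (2, 8, 0, 138); short forms like '2.7' are
    padded with zeros so every version compares as an int tuple of the same
    length. Numeric tuples avoid the string pitfall where '2.10' < '2.8'."""
    parts = text.strip().split(".")
    if not parts or len(parts) > width:
        raise ValueError(f"unexpected version format: {text!r}")
    numbers = [int(p) for p in parts]          # ValueError on junk input
    numbers += [0] * (width - len(numbers))
    return tuple(numbers)


def needs_fas_update(version):
    """True when a Festo Automation Suite version is earlier than 2.8.0.138."""
    return parse_version(version) < FAS_UNBUNDLED_FROM


@dataclass(frozen=True)
class Install:
    host: str
    product: str     # e.g. "Festo Automation Suite" or a CODESYS component
    version: str


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    version: str
    status: str      # UPDATE_FAS | VERIFY_CODESYS | CHECK_CODESYS
    note: str


def triage(inventory):
    """Map each relevant inventory record to a defensive action."""
    findings = []
    for inst in inventory:
        if inst.product == "Festo Automation Suite":
            if needs_fas_update(inst.version):
                findings.append(Finding(
                    inst.host, inst.product, inst.version, "UPDATE_FAS",
                    "earlier than 2.8.0.138: bundled CODESYS likely present; "
                    "update the suite and install patched CODESYS separately"))
            else:
                findings.append(Finding(
                    inst.host, inst.product, inst.version, "VERIFY_CODESYS",
                    "2.8.0.138 or later: CODESYS is installed separately; "
                    "confirm its version against the vendor advisory"))
        elif inst.product.lower().startswith("codesys"):
            findings.append(Finding(
                inst.host, inst.product, inst.version, "CHECK_CODESYS",
                "compare against the fixed CODESYS versions in the advisory"))
        # Unrelated software is ignored.
    return findings


# Constructed sample inventory: hosts, products and versions are made up.
SAMPLE_INVENTORY = [
    Install("eng-ws-01", "Festo Automation Suite", "2.7.1.22"),
    Install("eng-ws-02", "Festo Automation Suite", "2.10.0.5"),
    Install("eng-ws-02", "CODESYS Development System V3", "3.5.18.0"),
    Install("eng-ws-03", "Unrelated HMI Tool", "1.4"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:10} {f.status:15} {f.product} {f.version}: {f.note}")
```

Run stand-alone it prints one line per relevant installation; the `status` field is meant to feed a ticket or patch-management queue, while `note` carries the action text for the operator.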
Evidence notes
CISA’s CSAF advisory ICSA-26-076-01, published on 2026-02-26 and republished on 2026-03-17 from Festo’s advisory FSA-202601, states that an authenticated remote attacker may use a stack-based out-of-bounds write in multiple CODESYS products/versions to cause denial of service, memory overwriting, or remote code execution. The advisory’s remediation section says Festo Automation Suite 2.8.0.138 and later no longer bundle CODESYS, and directs customers to install patched CODESYS releases from official vendor sources.
Official resources
- CVE-2022-47380 CVE record (CVE.org)
- CVE-2022-47380 NVD detail (NVD)
- Source item URL (cisa_csaf)
First published by the source advisory on 2026-02-26 and revised on 2026-03-17; these dates reflect the advisory timeline, not the PatchSiren publication time.