PatchSiren cyber security CVE debrief
CVE-2022-47381 CODESYS CVE debrief
CVE-2022-47381 is a high-severity flaw in CODESYS components used by Festo Automation Suite. The advisory says an authenticated remote attacker may trigger a stack-based out-of-bounds write, which can lead to denial of service, memory overwriting, or remote code execution. CISA published the advisory on 2026-02-26 and republished it with updated source material on 2026-03-17.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS defenders, Festo Automation Suite administrators, and teams that deploy CODESYS Development System with the suite, especially environments running the affected version combinations listed in the advisory.
Technical summary
The source advisory identifies a stack-based out-of-bounds write in multiple CODESYS products and versions used in Festo Automation Suite. An authenticated remote attacker may write data into the stack, potentially causing denial of service, memory corruption, or remote code execution. The affected scope is version-combination specific and includes Festo Automation Suite versions below 2.8.0.138 as well as the listed bundled or external CODESYS Development System versions.
Defensive priority
High
Recommended defensive actions
- Upgrade to the latest Festo Automation Suite release path noted in the advisory; starting with 2.8.0.138, CODESYS is no longer bundled with the suite.
- Install the latest patched CODESYS version directly from the official CODESYS website.
- Follow the vendor-provided installation and update instructions to ensure security fixes are applied correctly.
- Keep the Festo Automation Suite connector up to date by applying Festo-released updates as they become available.
- Monitor Festo and CODESYS security advisories regularly and prioritize patching affected OT/engineering workstations.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-076-01, republished from Festo PSIRT materials, with publishedAt 2026-02-26T08:00:00Z and modifiedAt 2026-03-17T06:00:00Z. The advisory title is "CODESYS in Festo Automation Suite" and its product list includes Festo Automation Suite plus specific CODESYS Development System versions and combinations. The source description explicitly states the authenticated remote stack-based out-of-bounds write impact. The vendor mapping given above is low-confidence and should be treated as review-needed, because the source centers on Festo Automation Suite/CODESYS rather than a standalone vendor attribution.
Official resources
- CVE-2022-47381 CVE record (CVE.org)
- CVE-2022-47381 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Publicly disclosed by CISA on 2026-02-26 and republished with revised source material on 2026-03-17. The issue concerns Festo Automation Suite installations that include affected CODESYS components.