PatchSiren cyber security CVE debrief

CVE-2022-47384 CODESYS CVE debrief

CVE-2022-47384 is a high-severity memory-corruption issue in the CmpTraceMgr component used by multiple CODESYS products and by Festo Automation Suite deployments that include CODESYS. According to the advisory, an authenticated remote attacker can write data out of bounds on the stack, which may result in denial of service, memory overwriting, or remote code execution. The supplied CVSS vector indicates network attackability with low privileges required and no user interaction. The public advisory was published on 2026-02-26 and republished with a vendor advisory update on 2026-03-17.

Vendor: CODESYS
Product: FESTO
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

Organizations running Festo Automation Suite or CODESYS Development System in engineering, maintenance, or OT support environments; system integrators; plant operations teams; and security teams responsible for industrial software patching and access control.

Technical summary

The issue is described as a stack-based out-of-bounds write in CmpTraceMgr. The affected scope in the advisory includes multiple CODESYS versions and Festo Automation Suite installations that bundle or integrate CODESYS components, including combinations tied to CODESYS Development System 3.0, 3.5.16.10, and 3.5.21.20. The attacker must be authenticated, but the vector shows network reachability and only low privileges required. The documented outcomes are denial of service, memory overwriting, and possible remote code execution.

Defensive priority

High. This is a network-reachable, authenticated memory-corruption flaw with potential code execution in industrial engineering software, so affected deployments should be prioritized for version review, patching, and access restriction.

Recommended defensive actions

  • Upgrade Festo Automation Suite to 2.8.0.138 or later, and verify whether CODESYS is still bundled in your deployment.
  • Install the latest patched CODESYS release directly from the official CODESYS website, following vendor installation and update instructions.
  • Review all engineering workstations and service systems for affected CODESYS Development System versions and installed Festo Automation Suite combinations named in the advisory.
  • Restrict authenticated access to engineering software to only trusted accounts and networks while remediation is in progress.
  • Monitor the CODESYS and Festo security advisories referenced in the official notices and apply future updates promptly.
  • Validate that the Festo Automation Suite connector is up to date after upgrading the suite.

Evidence notes

All product, version, impact, and remediation statements are taken from the supplied CISA CSAF advisory data and its official references. The advisory metadata identifies the issue as ICSA-26-076-01, which republishes Festo advisory FSA-202601; no KEV entry is present in the provided corpus.

Official resources

Publicly disclosed in CISA advisory ICSA-26-076-01 on 2026-02-26 and updated on 2026-03-17 to republish the vendor advisory.