PatchSiren cyber security CVE debrief

CVE-2022-47387 CODESYS CVE debrief

CVE-2022-47387 is a high-severity (CVSS 3.1 8.8) stack-based out-of-bounds write in CmpTraceMgr, a CODESYS component shipped with Festo Automation Suite. According to the CISA republication of the Festo advisory, an authenticated remote attacker may be able to trigger denial of service, memory overwriting, or remote code execution. The advisory record was published on 2026-02-26 and revised on 2026-03-17.

Vendor: CODESYS
Product: FESTO
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

OT/ICS operators, Festo Automation Suite administrators, CODESYS users, and defenders responsible for engineering workstations or remote-access paths that allow authenticated users to reach CODESYS components.

Technical summary

The advisory describes a stack-based out-of-bounds write in CmpTraceMgr. The source item lists two affected Festo Automation Suite/CODESYS combinations: Festo Automation Suite versions before 2.8.0.138 with bundled CODESYS Development System 3.0 or 3.5.16.10, and Festo Automation Suite 2.8.0.138 with CODESYS Development System 3.5.21.20 installed as an external component. The published CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8 HIGH): reachable over the network, low attack complexity, low privileges required (consistent with the "authenticated" qualifier in the description), no user interaction, unchanged scope, and high impact to confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Inventory all Festo Automation Suite deployments and identify any bundled or separately installed CODESYS components.
  • Upgrade to the latest patched CODESYS release from the official CODESYS website and follow the vendor installation/update guidance.
  • Update Festo Automation Suite to 2.8.0.138 or later and apply connector updates released by Festo. Because 2.8.0.138 no longer bundles CODESYS, updating the Suite alone does not remediate the issue: the separately installed CODESYS Development System must be updated as well.
  • Restrict authenticated remote access to engineering and OT management interfaces to only necessary users and segments.
  • Monitor CODESYS and Festo security advisories and validate updates in a controlled OT maintenance window before broad rollout.
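The inventory step above is easier to act on if the affected-version matrix from the technical summary is encoded as a check rather than read by eye. The following added example (not Festo's or CODESYS's tooling) triages a constructed software inventory against the two affected combinations quoted on this page. It assumes the matrix is exactly as stated, treats any CODESYS Development System version not named in it as "review against the current CODESYS advisory" rather than as safe, and does not fetch anything; host names and versions in the sample inventory are constructed.

```python
# Added example (not Festo's or CODESYS's tooling): triage a constructed
# inventory of engineering workstations against the affected-version matrix
# quoted in this debrief. Assumptions are flagged in comments.
import csv
import io
from dataclasses import dataclass
from typing import List, Optional, Tuple

# From the advisory text: Festo Automation Suite stops bundling CODESYS at 2.8.0.138.
FAS_UNBUNDLED_FROM = (2, 8, 0, 138)
# Bundled CODESYS Development System versions named for FAS < 2.8.0.138.
BUNDLED_AFFECTED = {(3, 0), (3, 5, 16, 10)}
# External CODESYS Development System version named alongside FAS 2.8.0.138.
EXTERNAL_AFFECTED = {(3, 5, 21, 20)}

# Constructed sample inventory; an empty codesys_version means none installed.
INVENTORY_CSV = """\
host,fas_version,codesys_version
eng-ws-01,2.7.1.0,3.5.16.10
eng-ws-02,2.8.0.138,3.5.21.20
eng-ws-03,2.8.0.138,
eng-ws-04,2.6.0.12,3.0
eng-ws-05,2.9.0.10,3.5.22.0
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """'3.5.16.10' -> (3, 5, 16, 10); tuples compare component-wise, which is what we want."""
    return tuple(int(p) for p in text.strip().split("."))


@dataclass
class Host:
    name: str
    fas_version: str
    codesys_version: Optional[str]  # None when no CODESYS Development System is installed


def triage(host: Host) -> Tuple[str, str]:
    """Return (status, reason) where status is AFFECTED, REVIEW or OK."""
    fas = parse_version(host.fas_version)
    cds = parse_version(host.codesys_version) if host.codesys_version else None
    if fas < FAS_UNBUNDLED_FROM:
        # Bundled era: CODESYS came with the Suite, so the Suite version is the key.
        if cds in BUNDLED_AFFECTED:
            return ("AFFECTED", "FAS before 2.8.0.138 with a bundled CODESYS version in the matrix")
        return ("REVIEW", "FAS before 2.8.0.138; bundled CODESYS version not in the quoted matrix")
    if cds is None:
        return ("OK", "FAS 2.8.0.138 or later and no CODESYS Development System installed")
    if cds in EXTERNAL_AFFECTED:
        return ("AFFECTED", "external CODESYS Development System version in the matrix")
    # Assumption: versions not named on this page are neither confirmed fixed nor
    # confirmed affected here; the current CODESYS advisory decides.
    return ("REVIEW", "external CODESYS version not in the quoted matrix; check the CODESYS advisory")


def triage_inventory(csv_text: str) -> List[Tuple[str, str, str]]:
    """Return (host, status, reason) rows, AFFECTED first, for a CSV inventory."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        host = Host(rec["host"], rec["fas_version"], rec["codesys_version"] or None)
        status, reason = triage(host)
        rows.append((host.name, status, reason))
    order = {"AFFECTED": 0, "REVIEW": 1, "OK": 2}
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


if __name__ == "__main__":
    for name, status, reason in triage_inventory(INVENTORY_CSV):
        print(f"{status:<8} {name:<10} {reason}")
```

Feed it the real inventory export (one row per workstation, Suite version and CODESYS Development System version as reported by the installed software list) and treat every AFFECTED and REVIEW row as a work item for the maintenance window; only OK rows can be closed without consulting the CODESYS advisory.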

Evidence notes

This debrief is based on the CISA CSAF record ICSA-26-076-01, which republishes the Festo advisory FSA-202601, 'CODESYS in Festo Automation Suite.' The source description states that an authenticated remote attacker can exploit a stack-based out-of-bounds write in CmpTraceMgr to cause denial of service, memory overwriting, or remote code execution. The remediation text says that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be downloaded and installed separately, with updates applied from the official CODESYS site. Two caveats: the vendor/product mapping shown above (Vendor: CODESYS, Product: FESTO) is low confidence and should be validated against the advisory title and affected-product matrix; and the CVE identifier was assigned from the 2022 numbering block, so the 'Original CVE published' date above reflects the stored record rather than the first public disclosure of the CODESYS issue.

Official resources

Public advisory date: 2026-02-26; modified/revised: 2026-03-17. CISA published an initial CSAF record (ICSA-26-076-01) and then an update tied to the Festo FSA-202601 advisory.