PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-47389 CODESYS CVE debrief

CVE-2022-47389 is a high-severity memory corruption issue in the CmpTraceMgr component used by certain CODESYS products in Festo Automation Suite deployments. According to the CISA CSAF advisory, an authenticated remote attacker could trigger a stack-based out-of-bounds write that may lead to denial of service, memory overwriting, or remote code execution.

Vendor: CODESYS
Product: FESTO (Festo Automation Suite)
CVSS: 8.8 (High)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

Administrators and defenders responsible for Festo Automation Suite installations, especially environments that bundle or depend on affected CODESYS components, should review exposure and patch status.

Technical summary

The advisory identifies a stack-based out-of-bounds write in the CmpTraceMgr component of multiple CODESYS products. CISA's affected-product list includes Festo Automation Suite versions below 2.8.0.138 with CODESYS Development System 3.0 or 3.5.16.10, Festo Automation Suite 2.8.0.137 with those same CODESYS versions, and CODESYS Development System 3.5.21.20 when installed as an external component of Festo Automation Suite 2.8.0.138. The stated impact for an authenticated remote attacker is denial of service, memory corruption, and possible remote code execution.

Defensive priority

High. The CVSS vector behind the 8.8 score reflects a network-reachable attack surface, low attack complexity, and only low privileges required (an authenticated user, which is a far weaker barrier than it sounds on engineering workstations where credentials are often shared), combined with a potential remote code execution outcome. That makes this a priority patching issue for affected deployments.

Recommended defensive actions

  • Identify whether Festo Automation Suite is installed and record the exact version of both the bundled CODESYS Development System and any CODESYS component installed separately, since the advisory lists affected combinations rather than a single product version.
  • Upgrade to Festo Automation Suite 2.8.0.138 or later and follow Festo's and CODESYS's current installation/update guidance; note that the advisory's affected list also names CODESYS Development System 3.5.21.20 as an external component of 2.8.0.138, so upgrading the suite alone does not settle the question until the external component version has been checked as well.
  • Download patched CODESYS releases only from the official CODESYS website, as recommended in the advisory.
  • Apply Festo Automation Suite connector updates when released and keep both the suite and dependent components current.
  • Review access controls for authenticated remote access paths to affected systems and limit them to necessary administrators.
  • Monitor CISA, CERT@VDE, Festo PSIRT, and CODESYS security advisories for follow-up guidance.
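The first two actions above amount to comparing an installed-software inventory against the affected combinations the advisory lists. The following is an added example, not code from PatchSiren, Festo, CODESYS or CISA: it encodes the combinations quoted in the technical summary as matching rules and runs them over a small constructed inventory. The Host fields, the host names, and the "review" outcome for an out-of-date suite whose CODESYS version is not in the advisory's list are all assumptions made for this illustration; the matching is on the exact version strings the advisory names, and a real assessment should be re-checked against the current CISA and Festo advisory text.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.8.0.137' into (2, 8, 0, 137) so that '2.8.0.9' sorts below '2.8.0.138'.

    A plain string comparison would get that wrong, which is exactly the kind
    of mistake that leaves an affected host marked as patched.
    """
    return tuple(int(part) for part in v.strip().split("."))


# Affected combinations, transcribed from the advisory text quoted on this page.
FAS_FIXED = parse_version("2.8.0.138")
VULNERABLE_BUNDLED_CODESYS = {"3.0", "3.5.16.10"}
VULNERABLE_EXTERNAL_CODESYS_WITH_FIXED_FAS = "3.5.21.20"


@dataclass
class Host:
    # Hypothetical inventory record; field names are this example's own.
    name: str
    fas_version: Optional[str]               # None: Festo Automation Suite not installed
    bundled_codesys: Optional[str] = None    # CODESYS Development System shipped with the suite
    external_codesys: Optional[str] = None   # CODESYS installed as a separate/external component


def assess(host: Host) -> str:
    """Classify one host against the advisory's affected-product list."""
    if host.fas_version is None:
        return "not applicable"
    fas = parse_version(host.fas_version)

    # Suite below 2.8.0.138 with one of the listed bundled CODESYS versions.
    if fas < FAS_FIXED and host.bundled_codesys in VULNERABLE_BUNDLED_CODESYS:
        return "affected"

    # Suite exactly 2.8.0.138 with CODESYS 3.5.21.20 as an external component.
    if fas == FAS_FIXED and host.external_codesys == VULNERABLE_EXTERNAL_CODESYS_WITH_FIXED_FAS:
        return "affected"

    # Assumption for this example: an out-of-date suite with a CODESYS version the
    # advisory does not name is flagged for manual review rather than cleared.
    if fas < FAS_FIXED:
        return "review"

    return "not affected"


def assess_inventory(hosts: List[Host]) -> Dict[str, str]:
    """Map host name to its classification, so the result can be filtered or exported."""
    return {h.name: assess(h) for h in hosts}


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    Host("eng-ws-01", "2.8.0.137", bundled_codesys="3.5.16.10"),
    Host("eng-ws-02", "2.8.0.138", bundled_codesys="3.5.16.10", external_codesys="3.5.21.20"),
    Host("eng-ws-03", "2.8.0.138"),
    Host("eng-ws-04", "2.7.1.5", bundled_codesys="3.5.19.0"),
    Host("office-pc-05", None),
]

if __name__ == "__main__":
    for name, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:14s} {status}")
```

Feed it an inventory exported from whatever asset source you already trust (endpoint management, an installed-programs export, or a manual survey of engineering workstations); the point of the rules is that a host is only cleared when both the suite version and the CODESYS component versions are known, not when the suite alone looks current.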

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-26-076-01 and its source references. The advisory text explicitly names the CmpTraceMgr stack-based out-of-bounds write, the impacted Festo Automation Suite/CODESYS version combinations, and the vendor-recommended mitigations. The supplied materials do not include exploit code or public weaponization details.

Official resources

CVE-2022-47389 was published on 2026-02-26 and modified on 2026-03-17. CISA's CSAF advisory ICSA-26-076-01 was initially published on 2026-02-26 and later republished with Festo SE & Co. KG advisory content.