PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-47391 CODESYS CVE debrief

CVE-2022-47391 is a high-severity (CVSS 7.5) denial-of-service issue affecting multiple CODESYS products and versions, including the CODESYS Development System components distributed with Festo Automation Suite. According to the advisory, an unauthorized remote attacker can exploit improper input validation to trigger reads from invalid addresses, resulting in a denial of service. The practical risk is highest for environments that run affected Festo Automation Suite releases with bundled CODESYS components, or that installed an affected CODESYS version separately alongside the suite.

Vendor: CODESYS
Product: Festo Automation Suite (bundled and separately installed CODESYS components)
CVSS: 7.5 (High)
CISA KEV: not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

OT/ICS administrators, engineers, and support teams using Festo Automation Suite and CODESYS Development System installations should review this advisory. It is especially relevant for organizations that rely on affected suite versions or CODESYS components in operational workflows, where a remote denial of service could interrupt engineering or control-related activities.

Technical summary

The advisory describes an improper input validation flaw in multiple CODESYS products and versions. The issue is reachable remotely without authorization and can cause reads from invalid memory addresses, which in turn leads to denial of service. The CISA CSAF record ties the issue to Festo Automation Suite deployments that include affected CODESYS components: suite versions prior to 2.8.0.138 and the specific CODESYS Development System releases bundled with them. Festo notes that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be downloaded and installed separately, so on newer suite versions the installed CODESYS version has to be checked on its own.

Defensive priority

High for affected environments that expose or rely on the vulnerable CODESYS components. The impact is availability-only, but because the flaw is remotely reachable without authentication, patching and version verification should be prioritized for any production or engineering system running the affected software stack. Engineering workstations reachable from the plant or office network are in scope even where the controllers themselves are not.

Recommended defensive actions

  • Verify whether Festo Automation Suite installations include affected CODESYS components and map the installed versions to those listed in the advisory.
  • Update to Festo Automation Suite 2.8.0.138 or later where applicable; because CODESYS is no longer bundled from that release, confirm which CODESYS component version is installed separately.
  • Install the latest patched CODESYS release directly from the official CODESYS website, following vendor installation and update instructions.
  • Keep the Festo Automation Suite connector component updated by applying Festo releases as they are issued.
  • Monitor CODESYS and Festo security advisories for follow-up fixes and configuration guidance.
  • Validate that affected engineering workstations and related systems are not running outdated bundled or manually installed CODESYS components.
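The first, second and last steps above amount to an inventory check on each engineering workstation. The following PowerShell script is an added example, not code from the advisory, Festo or CODESYS: it reads the Windows Uninstall registry keys, flags Festo Automation Suite builds older than 2.8.0.138 (the version from which Festo ships CODESYS separately), and lists every CODESYS entry for manual mapping against the advisory's affected-version table. The DisplayName and Publisher match patterns are assumptions about how the installers register themselves, and no CODESYS fixed-version threshold is encoded because this page does not list one.

```powershell
# Added example (not from the advisory, Festo or CODESYS): inventory Festo
# Automation Suite and CODESYS installs on a Windows engineering workstation
# and flag suite builds that predate the unbundled-CODESYS release.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Festo states CODESYS is no longer bundled from this suite version onward.
$unbundledFrom = [version]'2.8.0.138'

function Get-InstalledProducts {
    param([string[]]$Roots)
    Get-ItemProperty -Path $Roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation
}

function ConvertTo-VersionOrNull {
    param([string]$Text)
    # DisplayVersion strings are not always clean four-part versions;
    # pull the leading numeric dotted part and parse that.
    if (-not $Text) { return $null }
    $m = [regex]::Match($Text, '\d+(\.\d+){1,3}')
    if (-not $m.Success) { return $null }
    try { return [version]$m.Value } catch { return $null }
}

$products = Get-InstalledProducts -Roots $uninstallRoots

# Assumed DisplayName/Publisher patterns; adjust to what your installers register.
$suite   = @($products | Where-Object { $_.DisplayName -like 'Festo Automation Suite*' })
$codesys = @($products | Where-Object {
    $_.DisplayName -like 'CODESYS*' -or $_.Publisher -like '*CODESYS*'
})

$report = @(
    foreach ($p in $suite) {
        $v = ConvertTo-VersionOrNull $p.DisplayVersion
        if ($null -eq $v) {
            $finding = 'version unparsable; check manually'
        } elseif ($v -lt $unbundledFrom) {
            $finding = "older than $unbundledFrom; may carry bundled CODESYS, update the suite"
        } else {
            $finding = 'at or after 2.8.0.138; CODESYS is installed separately, check CODESYS rows'
        }
        [pscustomobject]@{
            Component = $p.DisplayName
            Version   = $p.DisplayVersion
            Location  = $p.InstallLocation
            Finding   = $finding
        }
    }
) + @(
    foreach ($p in $codesys) {
        [pscustomobject]@{
            Component = $p.DisplayName
            Version   = $p.DisplayVersion
            Location  = $p.InstallLocation
            Finding   = 'map against the affected CODESYS versions in the advisory; update from codesys.com if affected'
        }
    }
)

if ($report.Count -eq 0) {
    Write-Output "No Festo Automation Suite or CODESYS entries found in Uninstall keys on $env:COMPUTERNAME."
} else {
    $report | Format-Table -AutoSize
}
```

Run it under an account that can read HKLM on each workstation (for example via Invoke-Command across the engineering VLAN) and keep the output alongside the advisory's version table; a suite entry at or after 2.8.0.138 is not by itself a clean result, since the separately installed CODESYS rows still have to be matched against the affected list.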

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-26-076-01 republished from Festo/CERT-VDE, which states that an unauthorized remote attacker may use improper input validation to read from invalid addresses and cause denial of service. The advisory also lists affected Festo Automation Suite and CODESYS versions, and provides mitigation guidance to update Festo Automation Suite and install patched CODESYS releases from the official source.

Official resources

Publicly disclosed through the CISA CSAF advisory ICSA-26-076-01 on 2026-02-26, with a CISA republication update recorded on 2026-03-17. Use the CVE published date from the source timeline for timing context.