PatchSiren cyber security CVE debrief
CVE-2023-49675 CODESYS CVE debrief
CVE-2023-49675 is a high-severity, user-assisted local vulnerability disclosed by CISA on 2026-02-26 and updated on 2026-03-17. The advisory corpus ties the issue to Festo Automation Suite and CODESYS project-file handling: a malformed or corrupted project file can trigger an out-of-bounds write, leading to arbitrary code execution or a crash. The advisory emphasizes affected Festo Automation Suite versions below 2.8.0.138 and specific CODESYS Development System combinations listed in the source material.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT operators, automation engineers, and IT/OT security teams that use Festo Automation Suite or manage CODESYS-based engineering workstations should prioritize this. It matters most where users routinely open project files from external, shared, or otherwise untrusted sources.
Technical summary
The source advisory describes an out-of-bounds write in the handling of corrupted project files. Exploitation requires local access plus user interaction: an attacker must trick a user into opening a malicious project file. In affected environments, the flaw can result in code execution with the user's privileges or a system crash. The corpus lists Festo Automation Suite versions below 2.8.0.138 and several related CODESYS Development System versions/combinations as affected, and it notes that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be obtained separately.
Defensive priority
High for affected engineering workstations and OT environments. Prioritize remediation wherever project files may be received from outside the trusted environment.
Recommended defensive actions
- Update Festo Automation Suite to version 2.8.0.138 or later, or the latest vendor-patched release referenced by Festo.
- Download and install the latest patched CODESYS release directly from the official CODESYS website if CODESYS is installed separately.
- Keep the Festo Automation Suite connector updated by applying Festo-released updates promptly.
- Review and monitor CODESYS security advisories and apply related security fixes without delay.
- Limit opening of untrusted or unexpected project files on engineering workstations and reinforce user awareness around malicious file delivery.
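The first two actions above hinge on one question per workstation: is the installed Festo Automation Suite below 2.8.0.138? The script below is an added example for answering that over an asset inventory; it is not code from the advisory, Festo or CODESYS. The only page-sourced value is the fixed version 2.8.0.138; the `hostname,product,version` inventory format and the host names are constructed for illustration. It compares version components numerically rather than as strings, which matters because a string comparison would wrongly rank `2.10.0.1` below `2.8.0.138`.

```python
"""Flag Festo Automation Suite installs below the fixed version 2.8.0.138.

Added example, not taken from the advisory. The inventory lines are
constructed; the only value sourced from the advisory is 2.8.0.138.
"""
from __future__ import annotations

import re

FIXED_VERSION = "2.8.0.138"  # advisory remediation: 2.8.0.138 or later

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '2.8.0.138' into (2, 8, 0, 138); reject anything non-numeric.

    Components are compared numerically, so '2.10.0.1' sorts above
    '2.8.0.138' even though it sorts below it as a plain string.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed one."""
    a, b = parse_version(installed), parse_version(fixed)
    # Pad the shorter tuple with zeros so '2.8' compares as '2.8.0.0'.
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Constructed inventory export in a hypothetical "hostname,product,version" layout.
SAMPLE_INVENTORY = """\
eng-ws-01,Festo Automation Suite,2.7.0.95
eng-ws-02,Festo Automation Suite,2.8.0.138
eng-ws-03,Festo Automation Suite,2.10.0.1
eng-ws-04,Festo Automation Suite,2.8
eng-ws-05,Festo Automation Suite,unknown
"""


def triage_inventory(csv_text: str) -> dict[str, list[str]]:
    """Sort hosts into 'vulnerable', 'patched' and 'review' (unparseable version)."""
    result: dict[str, list[str]] = {"vulnerable": [], "patched": [], "review": []}
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, _product, version = (field.strip() for field in line.split(",", 2))
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            bucket = "review"  # version unknown: verify manually on the host
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

Hosts whose version string cannot be parsed land in the `review` bucket rather than being silently treated as patched, so an incomplete inventory export cannot hide an affected workstation.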
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-076-01, which republishes Festo advisory FSA-202601. The source corpus lists the affected product area as Festo Automation Suite with CODESYS components and provides a remediation path centered on updating to 2.8.0.138 or later. Vendor attribution in the provided enrichment is low-confidence/needs-review, so the product naming should be treated as source-backed but reviewed if you need a stricter asset mapping.
Official resources
- CVE-2023-49675 CVE record (CVE.org)
- CVE-2023-49675 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference (Reference)
CISA published the advisory on 2026-02-26 and revised it on 2026-03-17. This debrief uses those advisory dates and the supplied source corpus; it does not treat generation time as the CVE issue date. The corpus contains a low-confidence/uns