PatchSiren cyber security CVE debrief
CVE-2023-6357 CODESYS CVE debrief
CVE-2023-6357 is a high-severity command-injection issue in the CODESYS components bundled with Festo Automation Suite. According to the advisory, a low-privileged remote attacker could inject additional system commands via file system libraries and potentially gain full control of the device. The published remediation is to update to Festo Automation Suite 2.8.0.138 or later and to install patched CODESYS releases obtained from the official vendor.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS defenders, Festo Automation Suite administrators, and teams managing engineering workstations or automation environments that bundle CODESYS components should prioritize this issue.
Technical summary
CISA's CSAF advisory ICSA-26-076-01 was first published on 2026-02-26; the 2026-03-17 update is recorded as CISA's initial republication of the Festo advisory. The source describes a low-privileged remote command-injection path in file system libraries, scored CVSS 3.1 8.8 with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, low privileges required, no user interaction, scope unchanged, and high confidentiality, integrity, and availability impact. The affected scope in the supplied advisory is Festo Automation Suite versions below 2.8.0.138 with bundled CODESYS components; the remediation is to update Festo Automation Suite and then install patched CODESYS directly from the official site.
Defensive priority
High
Recommended defensive actions
- Upgrade Festo Automation Suite to version 2.8.0.138 or later on all affected systems.
- Install the latest patched CODESYS release directly from the official CODESYS website and verify the component version in each environment.
- Update the Festo Automation Suite connector with vendor-provided releases and confirm no bundled vulnerable CODESYS component remains in use.
- Restrict remote access to engineering and OT environments, and apply least privilege plus defense-in-depth controls around automation workstations.
- Monitor Festo PSIRT, CERT@VDE, and CISA ICS advisories for follow-on updates or newly identified affected versions.
- Inventory all systems running Festo Automation Suite with CODESYS components to ensure no unmanaged deployments remain exposed.
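The inventory step above is where version checks usually go wrong: comparing "2.10.1.5" with "2.8.0.138" as strings reports the newer build as vulnerable, and shorter strings such as "2.8" compare unpredictably. The following is an added example for this debrief, not tooling from Festo or CISA; it takes a constructed asset-inventory export (fictional hostnames, assumed column names host/product/version) and flags every Festo Automation Suite install below the 2.8.0.138 fix level using numeric, component-wise comparison.

```python
import csv
import io

FIXED_VERSION = "2.8.0.138"          # first fixed Festo Automation Suite release per the advisory
AFFECTED_PRODUCT = "Festo Automation Suite"

# Constructed sample export (fictional hosts, assumed column names), not real inventory data.
SAMPLE_INVENTORY = """host,product,version
ENG-WS-01,Festo Automation Suite,2.7.0.120
ENG-WS-02,Festo Automation Suite,2.8.0.138
ENG-WS-03,Festo Automation Suite,2.10.1.5
ENG-WS-04,Festo Automation Suite,2.8.0.97
HMI-07,Other Engineering Tool,1.0
"""


def parse_version(text):
    """Turn '2.8.0.138' into (2, 8, 0, 138); pad short strings so '2.8' == '2.8.0.0'."""
    try:
        parts = [int(p) for p in text.strip().split(".")]
    except ValueError:
        raise ValueError(f"unparseable version string {text!r}") from None
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the installed version is strictly below the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def find_vulnerable_hosts(csv_text, product=AFFECTED_PRODUCT, fixed=FIXED_VERSION):
    """Return hosts (in file order) running the affected product below the fix level."""
    vulnerable = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"].strip() != product:
            continue                      # other software is out of scope for this advisory
        if is_vulnerable(row["version"], fixed):
            vulnerable.append(row["host"].strip())
    return vulnerable


if __name__ == "__main__":
    for host in find_vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: below {FIXED_VERSION}, schedule Festo Automation Suite upgrade")
```

The version check only answers whether the suite itself is at or above the fixed release; per the advisory's second remediation step, the bundled CODESYS component still has to be confirmed separately on each host after the upgrade.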
Evidence notes
The debrief is based on the supplied CISA CSAF source item for ICSA-26-076-01, which names the issue 'CODESYS in Festo Automation Suite' and provides the affected product strings, CVSS vector, and remediation text. The timeline uses the supplied publishedAt and modifiedAt values (2026-02-26 and 2026-03-17) from the advisory metadata. Vendor attribution in the stored metadata is low-confidence, so the analysis stays anchored to the advisory/product naming present in the source corpus rather than broadening scope beyond it.
Official resources
- CVE-2023-6357 CVE record (CVE.org)
- CVE-2023-6357 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA ICS Advisory ICSA-26-076-01 on 2026-02-26; CISA republished the Festo advisory on 2026-03-17.