PatchSiren cyber security CVE debrief
CVE-2024-5000 CODESYS CVE debrief
CVE-2024-5000 is a high-severity (CVSS 7.5), network-reachable denial-of-service issue in CODESYS components bundled with Festo Automation Suite. According to the advisory, an unauthenticated remote attacker using a malicious OPC UA client can send a crafted request that triggers an incorrect buffer-size calculation and disrupts availability. CISA published the advisory (ICSA-26-076-01) on 2026-02-26 and republished/updated it on 2026-03-17.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS operators, plant engineering teams, and administrators responsible for Festo Automation Suite or bundled CODESYS deployments should prioritize this issue, especially where OPC UA services are reachable from engineering networks or other untrusted segments.
Technical summary
The advisory describes a remote, unauthenticated denial-of-service condition caused by an incorrect buffer-size calculation in affected CODESYS products. An attacker using a malicious OPC UA client can send a crafted request that impacts availability; no credentials or prior access to the OPC UA server are required. The advisory scopes the issue to Festo Automation Suite installations below version 2.8.0.138 that bundle the affected CODESYS component versions listed in the advisory.
Defensive priority
High for OT environments. Prioritize remediation where OPC UA endpoints are exposed or reachable, because the issue is unauthenticated, remotely triggerable, and can interrupt availability.
Recommended defensive actions
- Inventory all Festo Automation Suite installations and identify affected versions and bundled CODESYS components referenced in the advisory.
- Upgrade to Festo Automation Suite 2.8.0.138 or later. Per the vendor guidance, that release no longer bundles CODESYS, so do not treat the suite upgrade alone as the fix; the CODESYS component must be updated separately.
- Download and install the latest patched CODESYS release directly from the official CODESYS website, then verify that the deployed CODESYS component version is the fixed one rather than relying on the suite version.
- Apply the Festo installation/update instructions and keep the Festo Automation Suite connector current with vendor releases.
- Reduce exposure of OPC UA services (TCP/4840 is the registered OPC UA port) by segmenting OT networks, restricting access to trusted engineering hosts, and monitoring for abnormal OPC UA traffic or OPC UA service instability such as unexpected restarts.
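The inventory and prioritization steps above, as an added example in Python (this is not PatchSiren, Festo, CODESYS or CISA code). It compares suite versions numerically against the advisory's 2.8.0.138 threshold, which matters because a plain string comparison ranks "2.10.0.1" below "2.8.0.138" and would flag a patched host as vulnerable, and then orders hosts by whether their OPC UA service is listening and reachable from untrusted segments, mirroring the "unauthenticated, remotely triggerable" reasoning in the defensive priority. Assumptions: the inventory rows are constructed sample data, the columns opcua_listening and reachable_from_untrusted are hypothetical fields an asset inventory or firewall review would supply, and TCP/4840 is OPC UA's registered port (the advisory itself names no port).

```python
"""Triage Festo Automation Suite hosts for CVE-2024-5000 exposure.

Added example, not vendor or advisory code. Assumptions:
- 2.8.0.138 is the fixed suite release named by the advisory;
- TCP/4840 is OPC UA's IANA-registered port (advisory names no port);
- opcua_listening / reachable_from_untrusted are hypothetical inventory fields;
- every row in SAMPLE_INVENTORY is constructed sample data.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

FIXED_FAS_VERSION = "2.8.0.138"  # advisory: upgrade to this release or later
OPCUA_TCP_PORT = 4840            # assumption: IANA opcua-tcp default port

# Constructed sample inventory; hostnames and versions are invented.
SAMPLE_INVENTORY = """host,fas_version,opcua_listening,reachable_from_untrusted
plc-eng-01,2.8.0.138,yes,no
press-line-02,2.7.1.40,yes,yes
press-line-03,2.10.0.1,yes,yes
hmi-cell-04,2.8.0.100,no,no
pack-line-05,2.8.0.100,yes,no
"""


@dataclass(frozen=True)
class Host:
    name: str
    fas_version: str
    opcua_listening: bool           # OPC UA server bound on OPCUA_TCP_PORT
    reachable_from_untrusted: bool  # that port allowed from non-engineering segments


def parse_version(text: str) -> tuple[int, ...]:
    """'2.8.0.138' -> (2, 8, 0, 138) so that versions compare numerically.

    As strings, '2.10.0.1' < '2.8.0.138' is True and a patched host would be
    reported as vulnerable; tuples of ints compare field by field instead.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(fas_version: str) -> bool:
    """True when the suite is older than the advisory's fixed release."""
    return parse_version(fas_version) < parse_version(FIXED_FAS_VERSION)


def priority(host: Host) -> str:
    """Rank hosts: affected and reachable from untrusted segments comes first,
    because the flaw is unauthenticated and remotely triggerable."""
    if not is_affected(host.fas_version):
        return "none"
    if host.opcua_listening and host.reachable_from_untrusted:
        return "high"
    if host.opcua_listening:
        return "medium"
    return "low"


def _yes(value: str) -> bool:
    return value.strip().lower() == "yes"


def load_inventory(text: str) -> list[Host]:
    """Parse a CSV export (first line is the header) into Host records."""
    return [
        Host(
            name=row["host"].strip(),
            fas_version=row["fas_version"].strip(),
            opcua_listening=_yes(row["opcua_listening"]),
            reachable_from_untrusted=_yes(row["reachable_from_untrusted"]),
        )
        for row in csv.DictReader(io.StringIO(text))
    ]


def triage(hosts: list[Host]) -> list[tuple[str, str, str]]:
    """Return (priority, host, suite version) rows, highest priority first."""
    rank = {"high": 0, "medium": 1, "low": 2, "none": 3}
    rows = [(priority(h), h.name, h.fas_version) for h in hosts]
    return sorted(rows, key=lambda r: (rank[r[0]], r[1]))


if __name__ == "__main__":
    print(f"OPC UA port checked: TCP/{OPCUA_TCP_PORT}")
    for prio, name, version in triage(load_inventory(SAMPLE_INVENTORY)):
        print(f"{prio:<7} {name:<15} {version}")
```

Replace SAMPLE_INVENTORY with a real CSV export to run it against a plant; the CODESYS component version still has to be checked separately, since the fixed suite release no longer carries it.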
Evidence notes
Evidence is taken from the supplied CISA CSAF advisory ICSA-26-076-01 and its references. The source title identifies the affected software as "CODESYS in Festo Automation Suite." The advisory description states that an unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request causing DoS due to incorrect buffer-size calculation. Published and modified dates supplied in the corpus are 2026-02-26T08:00:00.000Z and 2026-03-17T06:00:00.000Z, respectively. The supplied vendor metadata is inconsistent with the advisory title, so this debrief follows the advisory scope rather than the low-confidence vendor field.
Official resources
- CVE-2024-5000 CVE record (CVE.org)
- CVE-2024-5000 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-26-076-01 (cisa_csaf)
- Source references: the seven reference links carried by the advisory (link targets not preserved in this corpus)
Publicly disclosed in the CISA ICS advisory ICSA-26-076-01 on 2026-02-26, with a CISA republication/update recorded on 2026-03-17. The supplied corpus does not mark this CVE as KEV-listed.