PatchSiren cyber security CVE debrief
CVE-2019-5105 Festo CVE debrief
CVE-2019-5105 is a remote, network-reachable memory corruption issue in the Name Service Client functionality used by CODESYS GatewayService. A specially crafted packet can trigger a large memcpy, leading to an access violation and termination of the GatewayService process. The supplied advisory scope is broad: CODESYS V3 products prior to V3.5.16.10 that include CmpRouter or CmpRouterEmbedded are affected, including CODESYS components bundled with or used by Festo Automation Suite. This is an availability-focused vulnerability with no confidentiality or integrity impact described in the supplied CVSS vector.
- Vendor
- Festo
- Product
- Unknown
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-09-30
- Original CVE updated
- 2025-11-13
- Advisory published
- 2025-09-30
- Advisory updated
- 2025-11-13
Who should care
OT/ICS operators using CODESYS-based runtimes or gateway components, especially environments running CODESYS GatewayService.exe, CmpRouter, or CmpRouterEmbedded. Festo Automation Suite users should also review whether their installation includes affected CODESYS components or an outdated bundle.
Technical summary
The vulnerability is described as exploitable memory corruption in the Name Service Client path of CODESYS GatewayService. An attacker who can reach a device running GatewayService.exe can send a crafted packet that causes an oversized memcpy and process crash. The advisory states that all CODESYS V3 products before V3.5.16.10 containing CmpRouter or CmpRouterEmbedded are affected regardless of CPU type or operating system. The CVSS vector supplied is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-triggered denial of service condition.
Defensive priority
High. This is a remotely reachable availability issue in an industrial software stack with a wide affected-product footprint. Prioritize patching and exposure reduction wherever GatewayService or related CODESYS router components are reachable from untrusted networks.
Recommended defensive actions
- Upgrade affected CODESYS components to a patched release; the advisory identifies versions prior to 3.5.16.10 as affected.
- If using Festo Automation Suite, move to a version that no longer bundles CODESYS (the advisory notes 2.8.0.138) and install the patched CODESYS software separately from the official CODESYS website.
- Follow the vendor installation and update instructions to ensure all security fixes are applied.
- Keep the Festo Automation Suite connector updated with the latest Festo releases.
- Restrict network exposure to GatewayService and related CODESYS services to trusted management networks only.
- Monitor OT assets for unexpected GatewayService process terminations or repeated crashes.
- Review where CmpRouter or CmpRouterEmbedded is deployed across the environment so affected instances are not missed.
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory record and its official references. The advisory record in the supplied corpus was published on 2026-02-26 and republished on 2026-03-17. The source describes a remote packet-triggered crash in CODESYS GatewayService and does not describe code execution, privilege escalation, or data theft. No CISA KEV entry was provided in the supplied enrichment.
Official resources
-
CVE-2019-5105 CVE record
CVE.org
-
CVE-2019-5105 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory content from CISA CSAF, republished from the vendor advisory chain. This debrief is defensive only and omits exploit instructions.