PatchSiren cyber security CVE debrief
CVE-2022-22513 Festo CVE debrief
CVE-2022-22513 affects CODESYS components used in Festo Automation Suite. The advisory says an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The impact is availability-only, but crashes in OT environments can still disrupt operations.
- Vendor: Festo
- Product: Unknown
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-09-30
- Original CVE updated: 2025-11-13
- Advisory published: 2025-09-30
- Advisory updated: 2025-11-13
Who should care
OT/ICS operators and administrators running Festo Automation Suite with CODESYS components, plus patch management and incident response teams responsible for affected industrial engineering workstations and related deployments.
Technical summary
The CISA CSAF advisory republished from Festo identifies affected Festo Automation Suite deployments that include CODESYS Development System 3.0, 3.5.16.10, and an external CODESYS Development System 3.5.21.20 component. An attacker must be authenticated and can cause a null pointer dereference in CmpSettings, resulting in a crash rather than a documented confidentiality or integrity impact. The provided CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which aligns with a network-reachable availability issue.
Defensive priority
Medium — remediate promptly in production OT environments where a crash would interrupt operations.
Recommended defensive actions
- Install the latest patched CODESYS release from the official CODESYS website.
- Follow the official CODESYS installation and update instructions to ensure security fixes are applied.
- Keep the Festo Automation Suite connector up to date by installing FAS updates as released by Festo.
- Review deployments for the CODESYS components named in the advisory, including Development System 3.0, 3.5.16.10, and the external 3.5.21.20 component.
- Monitor CODESYS, Festo PSIRT, CERTVDE, and CISA advisories for follow-up guidance.
Evidence notes
The supplied source corpus is CISA advisory ICSA-26-076-01, a republication of Festo advisory FSA-202601. It states that an authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of affected CODESYS products, leading to a crash. The remediation text says that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be downloaded separately, and it advises installing the latest patched CODESYS from the official website. The provided vendor metadata is low-confidence and marked needs review, so product/vendor attribution should be treated cautiously.
Official resources
- CVE-2022-22513 CVE record (CVE.org)
- CVE-2022-22513 NVD detail (NVD)
- Source item URL (cisa_csaf)
The advisory was initially published on 2026-02-26 and republished/modified on 2026-03-17; these dates come from the supplied CVE and source timeline.