PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-22514 Festo CVE debrief

CVE-2022-22514 is a memory-corruption issue reachable by an authenticated remote attacker, described in CISA's CSAF republication of the Festo advisory for Festo Automation Suite and the CODESYS components it bundles. A crafted request lets the attacker reach a dereferenced pointer, and the resulting access can overwrite memory locally in the CmpTraceMgr component; the source corpus says the attacker can neither read the values accessed internally nor control the values written, but the invalid memory access can crash the affected process.

Vendor
Festo
Product
Festo Automation Suite (bundled CODESYS Development System components); the stored product field was empty
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2025-09-30
Original CVE updated
2025-11-13
Advisory published
2025-09-30
Advisory updated
2025-11-13

Who should care

Organizations running Festo Automation Suite at versions below 2.8.0.138, in particular installations that include the bundled CODESYS Development System components named in the advisory. OT/ICS operators, engineering-workstation administrators, and patch managers should prioritize systems on which the affected components are reachable over the network by authenticated users.

Technical summary

The advisory states that an authenticated, remote attacker can reach a dereferenced pointer contained in a request, and that the resulting access can lead to local memory overwrite in CmpTraceMgr. The corpus further notes that the attacker controls neither the values read internally nor the values written, so the documented outcome is a crash caused by invalid memory access. The supplied CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) matches that description: network-reachable, low attack complexity, low privileges required, no user interaction, no confidentiality impact, low integrity impact, and high availability impact, which yields the 7.1 (High) base score.

Defensive priority

High. The issue is reachable over the network once an attacker holds valid credentials, and it primarily affects availability, with a limited integrity impact. The source corpus indicates neither known exploitation nor a KEV listing, but network reachability combined with crash and memory-corruption behavior in engineering software warrants prompt remediation.

Recommended defensive actions

  • Upgrade Festo Automation Suite to version 2.8.0.138 or later.
  • Install the latest patched CODESYS release directly from the official CODESYS website, following the vendor's update guidance.
  • Keep the Festo Automation Suite connector updated with the latest FAS releases from Festo.
  • Inventory which systems expose authenticated remote access to the affected engineering or automation components, and restrict that access (network segmentation, allow-listing of engineering hosts) where possible.
  • Monitor Festo and CODESYS security advisories and apply future updates promptly.
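The first step above depends on knowing which installations sit below 2.8.0.138, and four-part version strings are easy to compare wrongly: a plain string comparison ranks "2.10.0.5" below "2.8.0.138". The following inventory triage is an added example, not a Festo or CODESYS tool; the CSV layout (host, product, version) and the hostnames are constructed for illustration, and the only fact taken from the advisory is the fixed version.

```python
"""Flag Festo Automation Suite installs below the fixed version 2.8.0.138
(added example; the inventory format and hostnames are constructed)."""
import csv
import io
from typing import Optional, Tuple

# First fixed Festo Automation Suite release per the advisory.
FIXED_VERSION = (2, 8, 0, 138)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'2.7.0.50' -> (2, 7, 0, 50); returns None for anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    version = tuple(int(p) for p in parts)
    # Short forms such as "2.8" compare as 2.8.0.0, i.e. still below 2.8.0.138.
    return version + (0,) * (len(FIXED_VERSION) - len(version))


def is_affected(version_text: str) -> Optional[bool]:
    """True if below the fix, False if at or above it, None if unknown."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, unlike string comparison.
    return version < FIXED_VERSION


def triage(inventory_csv: str) -> dict:
    """Split an inventory (host,product,version) into affected/fixed/unknown."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip() != "Festo Automation Suite":
            continue   # other products are out of scope for this advisory
        status = is_affected(row["version"])
        bucket = "unknown" if status is None else ("affected" if status else "fixed")
        result[bucket].append(row["host"].strip())
    return result


# Constructed sample inventory (hypothetical hosts, not data from the advisory).
SAMPLE_INVENTORY = """host,product,version
ews-01,Festo Automation Suite,2.7.0.50
ews-02,Festo Automation Suite,2.8.0.138
ews-03,Festo Automation Suite,2.10.0.5
ews-04,Festo Automation Suite,2.8
ews-05,Festo Automation Suite,n/a
hmi-01,Other Vendor Tool,1.2.3
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:9s} {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket (no parseable version) need a manual check rather than being silently treated as patched; the same applies to machines where the CODESYS components were installed separately from the suite, since this script only reads the suite version.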

Evidence notes

This debrief is based on CISA’s CSAF republication (ICSA-26-076-01) of the Festo SE & Co. KG advisory FSA-202601 and the CVE record links provided in the corpus. The advisory text explicitly describes authenticated remote access, dereferenced-pointer access, local memory overwrite in CmpTraceMgr, and possible crashes on invalid memory access. The corpus does not include KEV listing, known ransomware use, or confirmed exploitation details.

Official resources

CISA CSAF republication of Festo SE & Co. KG advisory FSA-202601, published 2026-02-26 and modified 2026-03-17. Use the publishedAt date from the advisory timeline as the issue-disclosure context; do not substitute later generation or repub