PatchSiren cyber security CVE debrief
CVE-2022-47383 Schneider Electric CVE debrief
An authenticated remote attacker can exploit a stack-based out-of-bounds write in the CmpTraceMgr component used by affected CODESYS products in Festo Automation Suite to overwrite stack memory. The advisory says impact can include denial of service, memory corruption, or remote code execution, making this a high-priority issue for OT environments.
- Vendor
- Schneider Electric
- Product
- HMISCU Controller
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-07-11
- Original CVE updated
- 2026-01-20
- Advisory published
- 2023-07-11
- Advisory updated
- 2026-01-20
Who should care
OT/ICS administrators, automation engineers, and security teams managing Festo Automation Suite installations that include CODESYS components, especially systems that allow authenticated remote access or shared engineering workstations.
Technical summary
CISA’s CSAF republication for ICSA-26-076-01 describes a stack-based out-of-bounds write in the CmpTraceMgr component. The source corpus ties the issue to multiple Festo Automation Suite and CODESYS Development System combinations, including versions prior to 2.8.0.138 and specific bundled CODESYS releases named in the advisory. Because the attack requires authentication but can still lead to denial of service, memory overwrite, or remote code execution, the vulnerability has meaningful operational impact in industrial environments.
Defensive priority
High — authenticated remote exploitation with potential remote code execution in industrial software warrants prompt patching, version inventory, and exposure review.
Recommended defensive actions
- Update to the latest patched CODESYS release from the official CODESYS website and follow the vendor’s installation/update guidance.
- Install the latest Festo Automation Suite updates and verify whether CODESYS is bundled or installed separately in your deployment.
- Inventory affected Festo Automation Suite/CODESYS versions and prioritize systems matching the advisory’s listed product combinations.
- Restrict and monitor authenticated access to engineering and automation systems, and watch for crashes, memory-corruption symptoms, or unexpected service instability.
- Track CODESYS, Festo, and CISA advisories for follow-on fixes or revised compatibility guidance.
Evidence notes
Primary evidence comes from CISA’s CSAF republication of Festo advisory ICSA-26-076-01 titled 'CODESYS in Festo Automation Suite.' The source item lists the affected product combinations, the vulnerability description, and the remediation guidance. The supplied vendor mapping is explicitly low-confidence and marked for review, so the safest attribution is the Festo Automation Suite / CODESYS advisory scope stated in the source corpus.
Official resources
-
CVE-2022-47383 CVE record
CVE.org
-
CVE-2022-47383 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public disclosure in the supplied corpus is dated 2026-02-26 via CISA CSAF (ICSA-26-076-01); the source metadata shows a republication/update on 2026-03-17.