PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-21863 Unknown Vendor CVE debrief

CVE-2021-21863 is an unsafe deserialization issue in the ComponentModel Profile.FromFile() functionality used by CODESYS Development System. According to the source advisory, a specially crafted file can trigger arbitrary command execution in affected versions, including CODESYS Development System 3.5.16 and 3.5.17. CISA’s advisory record for this issue was published on 2026-02-26 and republished on 2026-03-17, so defenders should use the published date for timeline context and the later date only as a republication/update marker.

Vendor: Unknown Vendor
Product: FESTO
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

Industrial automation teams, OT engineers, and workstation administrators using Festo Automation Suite deployments that include affected CODESYS components should treat this as relevant, especially where users may open or import files from outside trusted sources.

Technical summary

The vulnerability is described as unsafe deserialization in Profile.FromFile(), which can allow an attacker to supply a malicious file that results in arbitrary command execution. The advisory’s CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: a local attack vector with low complexity and no privileges required, but user interaction is required (a user has to open the crafted file), scope is unchanged, and the confidentiality, integrity, and availability impacts are all rated high. The source material ties the issue to CODESYS Development System versions 3.5.16 and 3.5.17 and to the Festo Automation Suite packaging in which CODESYS was bundled.

Defensive priority

High

Recommended defensive actions

  • Update to the latest patched CODESYS release from the official CODESYS website.
  • If you use Festo Automation Suite, upgrade to version 2.8.0.138 or later, where CODESYS is no longer bundled with the suite.
  • Follow the installation and update guidance provided by CODESYS to ensure security fixes are applied.
  • Keep the Festo Automation Suite connector up to date by installing Festo-released updates as they become available.
  • Review and apply CISA ICS recommended practices for industrial control system environments.

Evidence notes

The supplied source item is CISA’s CSAF advisory ICSA-26-076-01, titled “CODESYS in Festo Automation Suite.” Its revision history shows an initial publication on 2026-02-26 and a CISA republication on 2026-03-17 of the Festo advisory. The description explicitly states unsafe deserialization in ComponentModel Profile.FromFile() and says a specially crafted file can lead to arbitrary command execution. The input vendor field is low-confidence and does not cleanly match the advisory’s CODESYS/Festo context, so the source advisory should be treated as the primary attribution.

Official resources

Publicly disclosed in CISA advisory ICSA-26-076-01 on 2026-02-26, with a CISA republication/update recorded on 2026-03-17.