PatchSiren cyber security CVE debrief
CVE-2022-22508 Unknown Vendor CVE debrief
CVE-2022-22508 is an improper input validation issue affecting multiple CODESYS V3 products and Festo Automation Suite deployments that bundle CODESYS components. According to the advisory, an authenticated remote attacker can block consecutive logins of a specific type. CISA’s CVSS vector rates the issue as availability-only impact (CVSS 4.3 / Medium), so the primary concern is operational disruption rather than data exposure or code execution. The advisory was initially published on 2026-02-26 and republished by CISA on 2026-03-17 from the vendor advisory.
- Vendor: Unknown Vendor
- Product: FESTO
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS operators using Festo Automation Suite or CODESYS V3 components, plant engineers, system integrators, and asset owners who manage authenticated remote access to engineering or workstation environments.
Technical summary
The advisory describes an improper input validation flaw in multiple CODESYS V3 products. A remote attacker with valid credentials and low privileges can trigger a condition that blocks consecutive logins of a specific type. The supplied CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) indicates network reachability, low privileges, no user interaction, and availability-only impact.
Defensive priority
Moderate. The CVSS score is low-medium, but login-blocking behavior in ICS workflows can still interrupt operator access and engineering operations.
Recommended defensive actions
- Inventory all Festo Automation Suite and CODESYS V3 installations, including bundled external components, to determine exposure.
- Upgrade to Festo Automation Suite 2.8.0.138 or later, and install the latest patched CODESYS release from the official CODESYS website.
- Follow the vendor installation and update instructions carefully so that all related security fixes are applied.
- Keep the Festo Automation Suite connector up to date by applying Festo releases as they become available.
- Review who can use authenticated remote access, remove unnecessary accounts or privileges, and limit access to only required operator roles.
- Monitor for repeated or unusual login failures or blocked login attempts involving the affected login type.
- Apply ICS defense-in-depth and segmentation practices to reduce operational impact if authentication or access controls are disrupted.
Evidence notes
The source corpus identifies the issue as "CODESYS in Festo Automation Suite" and states that it affects multiple CODESYS V3 products. The CISA CSAF advisory (ICSA-26-076-01) includes the remediation guidance that Festo Automation Suite 2.8.0.138 no longer bundles CODESYS and directs customers to download patched CODESYS releases directly from the official vendor site. The supplied CVSS vector and description support an availability-only, authenticated-network attack scenario.
Official resources
- CVE-2022-22508 CVE record (CVE.org)
- CVE-2022-22508 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Initial public advisory published 2026-02-26; CISA republication of the vendor advisory occurred 2026-03-17.