PatchSiren cyber security CVE debrief
CVE-2022-30791 Unknown Vendor CVE debrief
CVE-2022-30791 is a network denial-of-service issue in CmpBlkDrvTcp within CODESYS V3 as distributed with affected Festo Automation Suite releases. An unauthorized attacker can trigger uncontrolled resource consumption that prevents new TCP connections, while existing sessions are not affected.
- Vendor: Unknown Vendor
- Product: FESTO
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS operators using Festo Automation Suite with embedded or separately installed CODESYS Development System components, plus plant engineers and security teams responsible for remote engineering access and TCP-exposed automation services.
Technical summary
The advisory describes uncontrolled resource consumption in CmpBlkDrvTcp. Because the issue is unauthenticated and reachable over the network, its impact on availability is high: an attacker can deny new TCP connections without disrupting sessions that are already established. The source advisory ties the issue to multiple versions of CODESYS V3 and lists the affected Festo Automation Suite / CODESYS version combinations. Its remediation guidance moves CODESYS handling to customer-managed downloads starting with Festo Automation Suite 2.8.0.138.
Defensive priority
High for environments where the affected CODESYS service is reachable over the network and new engineering or control connections are operationally important. This is primarily an availability risk, but in ICS/OT environments connection loss can interrupt maintenance, monitoring, or coordination.
Recommended defensive actions
- Identify whether Festo Automation Suite versions earlier than 2.8.0.138 are deployed and whether CODESYS components are present in the environment.
- Install the latest patched CODESYS release directly from the official CODESYS website and follow the vendor update instructions.
- Upgrade to Festo Automation Suite 2.8.0.138 or later where applicable, and verify the separate CODESYS installation path is managed and patched.
- Monitor CODESYS and Festo security advisories and apply updates promptly when new fixes are released.
- Review network exposure, segmentation, and access controls around TCP-reachable engineering services.
- Confirm operational procedures for connection loss, since the issue mainly blocks new TCP connections rather than terminating existing ones.
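The first and third actions come down to an inventory check against the 2.8.0.138 baseline. The following triage sketch is an added example, not code from the advisory or from Festo or CODESYS; the CSV layout, host names, version values and action labels are constructed for illustration. It compares versions numerically, because a plain string comparison would rank 2.10.x below 2.8.x.

```python
import csv
import io

# First Festo Automation Suite release named in the debrief as the remediation baseline.
FIXED_SUITE = (2, 8, 0, 138)

# Constructed sample inventory (hypothetical hosts and versions, not from the advisory).
SAMPLE_INVENTORY = """host,suite_version,codesys_installed
eng-ws-01,2.6.0.481,yes
eng-ws-02,2.8.0.138,yes
eng-ws-03,2.10.0.12,no
eng-ws-04,unknown,yes
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None when the string is not a dotted numeric version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def triage(inventory_csv):
    """Map each host to 'upgrade-suite', 'verify-codesys', 'ok' or 'manual-check'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["suite_version"])
        has_codesys = row["codesys_installed"].strip().lower() == "yes"
        if version is None:
            # Unparseable version: do not guess, send it to a person.
            results[row["host"]] = "manual-check"
        elif version < FIXED_SUITE:
            results[row["host"]] = "upgrade-suite"
        elif has_codesys:
            # From 2.8.0.138 on, CODESYS is customer-managed and must be patched separately.
            results[row["host"]] = "verify-codesys"
        else:
            results[row["host"]] = "ok"
    return results

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```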
Evidence notes
Primary source advisory ICSA-26-076-01 was initially published on 2026-02-26 and republished on 2026-03-17. It states that in CmpBlkDrvTcp of CODESYS V3, uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections, while existing connections are not affected. The same source lists affected Festo Automation Suite / CODESYS version combinations and provides mitigation guidance. This debrief uses the supplied advisory timeline for context and does not infer exploit activity or disclosure timing beyond the provided corpus.
Official resources
- CVE-2022-30791 CVE record (CVE.org)
- CVE-2022-30791 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA’s advisory for this issue was initially published on 2026-02-26 and republished on 2026-03-17. Those dates are advisory publication and republication dates, not the original vulnerability date. The CVE identifier is CVE-2022-30791.