PatchSiren cyber security CVE debrief
CVE-2022-32143 Unknown Vendor CVE debrief
CVE-2022-32143 is a high-severity issue in multiple CODESYS products used in Festo Automation Suite. The advisory says the file download and upload functionality can access internal files in the working directory, including PLC firmware files. If a controller has no level 1 password configured, or if a remote attacker has already authenticated, the affected requests are processed on the controller. The stated impact includes denial of service, changes to local files, and disclosure of confidential information. No user interaction is required. The source advisory was published on 2026-02-26 and republished by CISA on 2026-03-17.
- Vendor: Unknown Vendor
- Product: FESTO
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
Organizations using Festo Automation Suite deployments that include affected CODESYS components, especially teams responsible for PLC engineering workstations, industrial control environments, and device access controls. Security and operations teams should pay attention if controllers may be reachable without a configured level 1 password or if any authenticated remote access is allowed.
Technical summary
The advisory describes an access-control and file-handling weakness in CODESYS file download/upload functionality. Under the conditions stated in the source, a remote attacker can interact with internal files in the controller working directory, which may include firmware and other sensitive local files. The CVSS vector provided is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, reflecting network reachability, low attack complexity, required low privileges, no user interaction, and high impact to confidentiality, integrity, and availability. The remediation notes indicate that Festo Automation Suite version 2.8.0.138 no longer bundles CODESYS and that customers should obtain patched CODESYS directly from the vendor and keep the Festo Automation Suite connector updated.
Defensive priority
High for industrial environments using the affected product combinations. The issue is remotely reachable under the conditions described and can affect confidentiality, integrity, and availability of controller-side files. Prioritize if exposed controllers lack a level 1 password or if authenticated remote access is present.
Recommended defensive actions
- Confirm whether Festo Automation Suite installations include any affected CODESYS versions listed in the advisory.
- Update to the latest patched CODESYS version obtained directly from the official CODESYS website, following vendor installation and update guidance.
- Upgrade Festo Automation Suite to version 2.8.0.138 or later, where CODESYS is no longer bundled, and keep the connector updated with Festo releases.
- Verify that controllers have a configured level 1 password and review remote authentication paths that could permit access under the advisory conditions.
- Monitor CODESYS and Festo security advisories and apply updates promptly.
- Review controller working-directory file handling and restrict unnecessary file transfer or engineering access where operationally feasible.
Evidence notes
All key claims above are taken from the supplied CISA CSAF advisory and its referenced remediation text. The source states that file download/upload can access internal files in the working directory, that processing occurs only when no level 1 password is configured or after successful remote authentication, and that impact may include denial of service, local file changes, and confidential information disclosure. The CVSS vector and severity were taken from the source item. Timing references use the supplied CVE published and modified timestamps, not any later generation or review time.
Official resources
- CVE-2022-32143 CVE record (CVE.org)
- CVE-2022-32143 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the source advisory on 2026-02-26, with a CISA republication on 2026-03-17. The supplied record attributes the issue to multiple CODESYS products used in Festo Automation Suite.