PatchSiren cyber security CVE debrief
CVE-2023-49676 CODESYS CVE debrief
CVE-2023-49676 is a use-after-free vulnerability (CWE-416) affecting the CODESYS/Festo Automation Suite ecosystem. According to CISA's CSAF advisory ICSA-26-076-01, a local attacker with no privileges can crash the affected system by getting a user to open a corrupted project file. The advisory was published on 2026-02-26 and republished on 2026-03-17; its remediation is to update Festo Automation Suite and to install patched CODESYS releases from official sources.
- Vendor: CODESYS
- Product: FESTO
- CVSS: 5.5 (MEDIUM)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT administrators, automation engineers, and security teams supporting Festo Automation Suite or CODESYS Development System installations are the primary audience. Exposure is greatest where engineering project files are exchanged with third parties or handled on shared workstations, because the bug triggers when a user opens such a file.
Technical summary
The advisory describes a local, user-interaction-required use-after-free with no confidentiality or integrity impact and high availability impact (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). The scored impact is disruption: opening a corrupted project file crashes the affected system, and the C:N/I:N rating means the advisory claims no code-execution or data-exposure consequence beyond that crash. The stated scope covers Festo Automation Suite versions below 2.8.0.138 and the related CODESYS Development System components named in the CSAF record; no fixed version is given here for the CODESYS components, so for those rely on installing the latest patched CODESYS release rather than on a version threshold.
Defensive priority
Medium. Patch engineering and OT workstations first: the issue interrupts availability and needs only that a user open a malicious or corrupted project file. Raise the priority if your environment regularly imports project files from less-trusted sources.
Recommended defensive actions
- Upgrade Festo Automation Suite to version 2.8.0.138 or later where applicable.
- Install the latest patched CODESYS release directly from the official CODESYS website.
- Follow the vendor's installation and update instructions so all security fixes are applied.
- Keep the Festo Automation Suite connector current by applying FAS updates as they are released.
- Review file-handling workflows for project files from external or untrusted sources and isolate or scan them before opening.
- Monitor Festo PSIRT, CERT@VDE, and CISA advisories for bundle and component updates.
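The version threshold above (Festo Automation Suite below 2.8.0.138 is affected) is the one concrete check the advisory supports, and it is easy to get wrong if versions are compared as strings ("2.10.0.5" sorts before "2.8.0.138" lexicographically but is newer). The following Python is an added example written for this debrief, not code from Festo, CODESYS, CISA or the page: it triages a constructed software inventory against the fixed version. The hostnames, the `Install` record type, the `triage` function and every version other than 2.8.0.138 are constructed for illustration. On a real Windows engineering workstation the installed version would come from the Uninstall registry keys or your software-inventory tool; CODESYS Development System entries are reported separately rather than compared, because the page gives no fixed version for those components.

```python
"""Triage an engineering-workstation inventory for CVE-2023-49676.

Added example for this debrief; not vendor or CISA code. Only the fixed
version 2.8.0.138 comes from the advisory; hosts and other versions are
constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# From the advisory: Festo Automation Suite versions below this are affected.
FIXED_FAS_VERSION = "2.8.0.138"
FAS_PRODUCT = "Festo Automation Suite"
CODESYS_PRODUCT = "CODESYS Development System"

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '2.8.0.138' into (2, 8, 0, 138) so comparison is numeric.

    Rejects anything that is not purely dotted digits ('unknown', '2.8-beta')
    instead of silently treating it as patched or unpatched.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1. Shorter versions are zero-padded ('2.8' == '2.8.0.0')."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va = va + (0,) * (width - len(va))
    vb = vb + (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def is_affected(installed: str, fixed: str = FIXED_FAS_VERSION) -> bool:
    """True when the installed Festo Automation Suite is below the fixed version."""
    return compare_versions(installed, fixed) < 0


@dataclass(frozen=True)
class Install:
    """One installed product on one host (hypothetical inventory record)."""
    host: str
    product: str
    version: str


def triage(inventory: list[Install], fixed: str = FIXED_FAS_VERSION):
    """Split an inventory into (needs_upgrade, codesys_review, unparseable).

    needs_upgrade: FAS installs below `fixed`.
    codesys_review: CODESYS installs; the page gives no threshold, so these go
                    to a manual 'install latest patched release' queue.
    unparseable:    FAS installs whose version string could not be parsed.
    """
    needs_upgrade, codesys_review, unparseable = [], [], []
    for item in inventory:
        if item.product == CODESYS_PRODUCT:
            codesys_review.append(item)
            continue
        if item.product != FAS_PRODUCT:
            continue
        try:
            if is_affected(item.version, fixed):
                needs_upgrade.append(item)
        except ValueError:
            unparseable.append(item)
    return needs_upgrade, codesys_review, unparseable


# Constructed sample inventory: hostnames and versions are hypothetical.
SAMPLE_INVENTORY = [
    Install("eng-ws-01", FAS_PRODUCT, "2.7.5.21"),     # below fixed -> upgrade
    Install("eng-ws-02", FAS_PRODUCT, "2.8.0.138"),    # exactly fixed -> ok
    Install("eng-ws-03", FAS_PRODUCT, "2.10.0.5"),     # newer, despite string order
    Install("eng-ws-04", FAS_PRODUCT, "2.8.0.137"),    # one build short -> upgrade
    Install("eng-ws-05", CODESYS_PRODUCT, "3.5.19.0"), # no threshold on the page
    Install("eng-ws-06", FAS_PRODUCT, "unknown"),      # inventory gap -> investigate
]


if __name__ == "__main__":
    upgrade, codesys, bad = triage(SAMPLE_INVENTORY)
    print("Needs FAS upgrade:", [i.host for i in upgrade])
    print("CODESYS: install latest patched release:", [i.host for i in codesys])
    print("Unparseable version, check manually:", [i.host for i in bad])
```

The `is_affected` check deliberately raises on non-numeric version strings rather than returning a default; in an OT inventory an "unknown" version usually means an unmanaged or hand-installed workstation, which is exactly the host you want surfaced rather than quietly counted as patched.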
Evidence notes
Primary evidence comes from the CISA CSAF source item for ICSA-26-076-01, which republishes the Festo advisory and explicitly describes the use-after-free crash scenario, the user-interaction requirement, and the affected Festo/CODESYS product scope. The supplied metadata also lists the CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H and the CWE-416 reference. Vendor attribution in the supplied metadata is low-confidence and marked for review (the Vendor and Product fields above read CODESYS and FESTO respectively), so this debrief relies on the advisory text and official links rather than on that placeholder vendor field.
Official resources
- CVE-2023-49676 CVE record (CVE.org)
- CVE-2023-49676 NVD detail (NVD)
- Source item: cisa_csaf (CSAF record for ICSA-26-076-01)
Public advisory context: first published by CISA on 2026-02-26 and republished on 2026-03-17. No KEV entry or ransomware-campaign linkage is supplied in the source corpus. This debrief intentionally omits exploit details and offensive steps.