PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-1468 Unknown Vendor CVE debrief

CVE-2025-1468 describes an unauthenticated remote information disclosure issue affecting CODESYS OPC UA Server when the non-default Basic128Rsa15 security policy is used. The advisory context ties the issue to Festo Automation Suite installations that include CODESYS components. Because the issue can expose sensitive data, including authentication information, it should be treated as a priority for industrial environments that use the affected configuration.

Vendor: Unknown Vendor
Product: FESTO
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

OT/ICS operators, plant engineers, and security teams responsible for Festo Automation Suite deployments that include CODESYS components; incident responders and asset owners who expose OPC UA services to untrusted networks; and administrators managing authentication or credential material in connected automation systems.

Technical summary

According to the source advisory, an unauthenticated remote attacker can access sensitive information, including authentication information, when CODESYS OPC UA Server is configured with the non-default Basic128Rsa15 security policy. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates a network-reachable confidentiality impact with no privileges or user interaction required. The supplied advisory also states that starting with Festo Automation Suite 2.8.0.138, CODESYS is no longer bundled and must be downloaded and installed separately; remediation depends on using a patched CODESYS release and keeping the Festo connector updated.

Defensive priority

High. This is a remotely reachable, unauthenticated confidentiality issue in an industrial software stack, and the source explicitly notes exposure of authentication information. Prioritize review of any deployment using the affected CODESYS OPC UA configuration, especially where the service is accessible beyond tightly controlled OT segments.

Recommended defensive actions

  • Identify all Festo Automation Suite deployments that include CODESYS components and verify whether the affected OPC UA Server configuration uses the non-default Basic128Rsa15 security policy.
  • Upgrade to the latest patched CODESYS version obtained directly from the official CODESYS website, following the vendor’s installation and update guidance.
  • Apply Festo Automation Suite updates as released, including the connector update path referenced in the advisory.
  • Review whether credentials or other sensitive information may have been exposed and rotate or revoke authentication material as appropriate.
  • Restrict network access to OPC UA services to trusted OT management networks and enforce segmentation consistent with ICS defense-in-depth guidance.
  • Monitor CODESYS and Festo security advisories for follow-up fixes or configuration guidance.
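The first three actions above amount to an inventory pass: find the endpoints advertising the named policy and the suite installs that still date from the bundled-CODESYS era. The following added example (written for this debrief, not code from CODESYS, Festo or PatchSiren) does that triage over endpoint records. The records are constructed to resemble what an OPC UA GetEndpoints response yields (endpoint URL, security policy URI, message security mode); in practice they would come from an asset-inventory export or a client library's endpoint query run from a management host. The hostnames and versions are assumed sample values.

```python
"""Triage OPC UA endpoint records and Festo Automation Suite versions for the
configuration named in CVE-2025-1468. Added example; sample data is constructed."""
from __future__ import annotations
from dataclasses import dataclass

# The non-default policy the advisory names; short name from the OPC UA policy URI fragment.
AFFECTED_POLICY = "Basic128Rsa15"
# Per the advisory, Festo Automation Suite stopped bundling CODESYS at 2.8.0.138.
UNBUNDLED_SINCE = (2, 8, 0, 138)

@dataclass
class Endpoint:
    url: str
    security_policy_uri: str
    security_mode: str  # "None", "Sign" or "SignAndEncrypt"

def policy_name(uri: str) -> str:
    """'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15' -> 'Basic128Rsa15'."""
    return uri.rsplit("#", 1)[-1] if "#" in uri else uri

def parse_version(text: str) -> tuple[int, ...]:
    return tuple(int(p) for p in text.strip().split("."))

def suite_bundles_codesys(version: str) -> bool:
    """True for Festo Automation Suite versions before 2.8.0.138, which still
    shipped CODESYS components and fall in the advisory's affected range."""
    return parse_version(version) < UNBUNDLED_SINCE

def audit_endpoints(endpoints: list[Endpoint]) -> list[dict]:
    """Return one finding per endpoint that advertises the affected policy.
    Each finding carries what a responder needs to act on items 1 to 4 above."""
    findings = []
    for ep in endpoints:
        name = policy_name(ep.security_policy_uri)
        if name == AFFECTED_POLICY:
            findings.append({
                "url": ep.url,
                "policy": name,
                "mode": ep.security_mode,
                "action": "upgrade CODESYS to a patched release, then rotate credentials "
                          "that may have been exposed through this endpoint",
            })
    return findings

# Constructed sample inventory: one server offers both a current and the affected policy.
SAMPLE_ENDPOINTS = [
    Endpoint("opc.tcp://plc-a.example.internal:4840",
             "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", "SignAndEncrypt"),
    Endpoint("opc.tcp://plc-b.example.internal:4840",
             "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", "Sign"),
    Endpoint("opc.tcp://plc-b.example.internal:4840",
             "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15", "SignAndEncrypt"),
]

# Constructed sample of suite installs seen on engineering workstations.
SAMPLE_SUITE_VERSIONS = {"eng-ws-01": "2.7.0.12", "eng-ws-02": "2.8.0.138"}

if __name__ == "__main__":
    for f in audit_endpoints(SAMPLE_ENDPOINTS):
        print(f"REVIEW {f['url']} policy={f['policy']} mode={f['mode']}: {f['action']}")
    for host, ver in SAMPLE_SUITE_VERSIONS.items():
        state = "bundled CODESYS (check component version)" if suite_bundles_codesys(ver) else "CODESYS installed separately"
        print(f"{host}: Festo Automation Suite {ver}: {state}")
```

The check is deliberately narrow: it flags only the policy the advisory names, so a server that also offers a current policy still appears once for its Basic128Rsa15 endpoint, which is the configuration that needs the upgrade and the credential review.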

Evidence notes

The source corpus states: “An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.” The CISA CSAF item is a republication of Festo SE & Co. KG advisory FSA-202601 and lists affected Festo Automation Suite/CODESYS versions, including Festo Automation Suite versions before 2.8.0.138 and bundled CODESYS components. Published date used here is 2026-02-26 with modification on 2026-03-17, per the supplied timeline. Vendor attribution in the prompt is low confidence and should be reviewed against the Festo advisory references.

Official resources

CVE published: 2026-02-26T08:00:00.000Z. Source/advisory published: 2026-02-26T08:00:00.000Z. Source/CVE modified: 2026-03-17T06:00:00.000Z. The source corpus indicates this is a CISA republication of a Festo SE & Co. KG advisory (FSA-2026-