These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A high-severity authorization bypass vulnerability in user account deletion functionality allows authenticated low-privilege attackers to delete arbitrary user accounts, including administrative accounts. The vulnerability stems from missing authorization checks when processing account deletion requests. Published 2026-05-26 by CERT@VDE with NVD entry, currently awaiting analysis. No known exploitation in [truncated]
A local privilege escalation vulnerability exists due to insecure temporary directory permissions during administrative installation. The affected product extracts installation files to a temporary directory with incorrect default permissions, creating a Time-of-Check to Time-of-Use (TOCTOU) race condition. A low-privileged local attacker can exploit this with a practical time window to replace verified f [truncated]
CVE-2026-44468 is a high-severity local privilege escalation vulnerability disclosed on 2026-05-26. The issue stems from insecure default directory permissions created during administrative installation of an affected product. A low-privileged local attacker can exploit this by modifying a temporary file that defines installation components, thereby forcing the deployment of arbitrary components and achie [truncated]
CVE-2026-0393 is a medium-severity credential exposure issue affecting login operations inside an active visualization session. According to the NVD record, low-privileged visualization users can remotely expose credentials to one another during concurrent login operations because authentication data is not sufficiently isolated. The issue is limited to login activity within an already active visualizatio [truncated]
CVE-2025-41659 is a high-severity issue affecting CODESYS components used with Festo Automation Suite. A low-privileged remote attacker may access the runtime PKI folder, read or modify certificates and keys, and potentially make certificates appear trusted; if certificates are deleted, services remain available but communication may fall back to unencrypted mode. CISA’s advisory was published on 2026-02- [truncated]
CVE-2025-2595 is a network-reachable information disclosure issue in CODESYS Visualization as used with Festo Automation Suite. A remote, unauthenticated attacker can bypass user management through forced browsing and read visualization template files or static elements. The supplied advisory data rates the issue CVSS 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating confidentiality impact without a c [truncated]
CVE-2025-0694 is an ICS vulnerability in CODESYS Control as distributed with Festo Automation Suite. The advisory says a low-privileged attacker with physical access can exploit insufficient path validation to gain full filesystem access. CISA first published the advisory on 2026-02-26 and later republished the Festo advisory on 2026-03-17.
CVE-2024-8175 is a high-severity denial-of-service issue in the CODESYS web server as used in Festo Automation Suite. According to the advisory, an unauthenticated remote attacker can trigger invalid memory access that results in a DoS. The published remediation centers on moving to patched CODESYS releases and keeping the Festo Automation Suite connector updated.
CVE-2024-5000 is a high-severity, network-reachable denial-of-service issue affecting CODESYS components associated with Festo Automation Suite. According to the advisory, an unauthenticated remote attacker can send a crafted OPC UA request that triggers an incorrect buffer-size calculation and can disrupt availability. The issue was published by CISA on 2026-02-26 and later republished/updated on 2026-03-17.
CVE-2023-6357 is a high-severity command-injection issue in the Festo Automation Suite / CODESYS software path. According to the advisory, a low-privileged remote attacker could inject additional system commands via file system libraries and potentially gain full control of the device. The published remediation path is to move to Festo Automation Suite 2.8.0.138 or later and use patched CODESYS releases f [truncated]
CVE-2023-49676 is a use-after-free vulnerability (CWE-416) in the CODESYS/Festo Automation Suite ecosystem. According to CISA's CSAF advisory ICSA-26-076-01, an unauthenticated local attacker can trick a user into opening a corrupted project file, which can crash the system. The advisory was published on 2026-02-26 and republished on 2026-03-17, and it ties remediation to updating Festo Automation Suite a [truncated]
CVE-2023-49675 is a high-severity, user-assisted local vulnerability disclosed by CISA on 2026-02-26 and updated on 2026-03-17. The advisory corpus ties the issue to Festo Automation Suite and CODESYS project-file handling: a malformed or corrupted project file can trigger an out-of-bounds write, leading to arbitrary code execution or a crash. The advisory emphasizes affected Festo Automation Suite versio [truncated]
CVE-2022-4224 is a high-severity industrial software flaw affecting CODESYS v3 components used with Festo Automation Suite. According to the CISA advisory, a remote user with low privileges could read and modify system files and OS resources or cause a denial of service on the device.
CVE-2022-4048 is a high-severity local attack against CODESYS Development System V3 versions prior to 3.5.18.40. In affected Festo Automation Suite deployments that bundled vulnerable CODESYS components, an unauthenticated local attacker could access and manipulate encrypted boot application code.
CVE-2022-32142 is a high-severity memory-corruption issue in CODESYS products as packaged with Festo Automation Suite. A low-privileged remote attacker can send a request with an invalid offset and trigger an out-of-bounds read or write, which can lead to denial of service or local memory overwrite. The advisory states that no user interaction is required and recommends moving to patched CODESYS builds fr [truncated]
CVE-2022-32141 affects multiple CODESYS products as republished in CISA’s ICSA-26-076-01 advisory for Festo Automation Suite. A remote attacker with low privileges can craft a request with an invalid offset, causing an internal buffer over-read and a denial-of-service condition. No user interaction is required. The advisory’s remediation focuses on using patched CODESYS releases and keeping Festo Automati [truncated]
CVE-2022-32140 describes a buffer overflow in multiple CODESYS products. A remote attacker with low privileges can craft a request that triggers a buffer copy without size checking, resulting in a denial-of-service condition. User interaction is not required. The advisory indicates an availability impact only, with no confidentiality or integrity impact listed.
CVE-2022-32139 affects multiple CODESYS products as referenced in the CISA CSAF advisory for Festo Automation Suite. A low-privileged remote attacker can craft a request that triggers an out-of-bounds read and results in denial of service without user interaction. The advisory was initially published on 2026-02-26 and republished on 2026-03-17.
CVE-2022-32137 affects multiple CODESYS products used with Festo Automation Suite. A low-privileged remote attacker can craft a request that triggers a heap-based buffer overflow, which may cause denial of service or memory overwrite. The supplied advisory states that no user interaction is required, and the CVSS score is 8.8 (High).
CVE-2022-32136 is a medium-severity denial-of-service issue affecting multiple CODESYS products as distributed with Festo Automation Suite. A low-privileged remote attacker can craft a request that triggers a read from an uninitialized pointer; no user interaction is required. The advisory recommends moving to patched CODESYS releases and keeping Festo Automation Suite components updated.
CVE-2022-31805 describes unprotected password transmission in multiple CODESYS Development System components used in the Festo Automation Suite advisory scope. CISA republished the vendor material as ICSA-26-076-01, and the published CVSS vector rates the issue 7.5 HIGH with network exposure and a confidentiality-only impact profile.
CVE-2022-30792 describes an availability issue in CmpChannelServer of CODESYS V3 where an unauthorized attacker can trigger uncontrolled resource consumption and block new communication channel connections. Existing connections are not affected, but the impact can still be significant in OT environments that depend on reliable channel creation.
CVE-2022-22516 affects the SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows. According to the CISA-republished Festo advisory, a local system user can read and write within restricted memory space, which creates a high-risk integrity, confidentiality, and availability issue on affected hosts. The advisory ties the issue to Festo Automation Suite deployments that include CODESYS c [truncated]
CVE-2022-1989 is an information-exposure issue in CODESYS Visualization versions before V4.2.0.0. A remote, unauthenticated attacker can use the vulnerable login dialog to enumerate valid users. The advisory was publicly disclosed by CISA on 2026-02-26 and republished on 2026-03-17 from Festo advisory material.
CVE-2022-1965 is a high-severity flaw in multiple CODESYS products as distributed with Festo Automation Suite. According to the advisory, a low-privilege remote attacker can send a crafted request that is not handled correctly by error processing, causing the file referenced by the request to be deleted. No user interaction is required. The published CVSS 3.1 vector rates the issue as AV:N/AC:L/PR:L/UI:N/ [truncated]
CVE-2021-34595 is a memory-corruption vulnerability in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT caused by crafted requests with invalid offsets. In affected deployments, this can lead to denial of service or local memory overwrite, and the supplied advisory rates the issue as high severity (CVSS 8.1). The recommended path is to move to patched CODESYS releases and, where applicable, upgrade Fes [truncated]
CVE-2022-22519 is a high-severity availability issue in the CODESYS Control runtime system as distributed with Festo Automation Suite. According to the CISA CSAF advisory, a remote unauthenticated attacker can send a specific crafted HTTP or HTTPS request that causes a buffer over-read and crashes the webserver. The advisory was published by CISA on 2026-02-26 and republished/updated on 2026-03-17; the CV [truncated]
Published by CISA on 2026-02-26 and revised on 2026-03-17, this advisory describes a high-severity availability issue in CODESYS as used with Festo Automation Suite. A remote attacker without authentication can guess a valid channel ID, inject packets, and force existing communication channels to close. For defenders, the key action is to identify affected Festo Automation Suite/CODESYS installations and [truncated]
CVE-2022-22515 is a HIGH-severity industrial control systems issue affecting Festo Automation Suite deployments that include CODESYS components. The advisory states that a remote, authenticated attacker can use the CODESYS Control runtime system control program to read and modify configuration files in affected products.
CVE-2020-12069 describes a weak password-hashing issue in CODESYS V3 products prior to V3.5.16.0 that include CmpUserMgr. In affected systems, the runtime stores online communication passwords using a weak hashing algorithm, which can allow a local attacker with low privileges to gain full control of the device. The CISA republication dated 2026-02-26 references a Festo advisory republished on 2026-03-17 [truncated]
CVE-2022-31804 is a network-exploitable denial-of-service issue in CODESYS Gateway Server V2 used by FESTO's "CODESYS provided by Festo" software. The gateway does not verify that request size stays within expected limits, so an unauthenticated attacker can force arbitrary memory allocation and potentially crash the service through out-of-memory exhaustion. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/ [truncated]
CVE-2022-31803 affects FESTO’s CODESYS provided by Festo deployments and is described by CISA as a flaw in CODESYS Gateway Server V2 that lets an unauthenticated attacker consume all available TCP connections. The impact is availability-only: legitimate users or clients may be unable to establish new connections, while existing connections remain intact. CISA’s CSAF advisory rates the issue medium severit [truncated]
CVE-2022-31802 is a critical authentication bypass affecting CODESYS Gateway Server V2 in Festo-related software. According to the supplied CSAF description, versions prior to V2.3.9.38 compare only part of the provided password against the real gateway password, which can let an attacker authenticate with a shorter password that matches the compared portion. The result is a network-reachable, unauthentic [truncated]
CVE-2023-37559 affects Festo Automation Suite deployments that include CODESYS components. After a user successfully authenticates, crafted network communication requests with inconsistent content can cause the CmpAppForce component to read from an invalid address and potentially deny service. The issue is availability-only, but that still matters in industrial environments where a service interruption ca [truncated]
CVE-2023-37558 is an authenticated denial-of-service issue affecting multiple CODESYS products and versions as distributed with Festo Automation Suite. A user who has already authenticated can send crafted network communication requests with inconsistent content and cause the CmpAppForce component to read from an invalid address, potentially disrupting availability. The issue is distinct from CVE-2023-37559.
CVE-2023-37557 is an authenticated denial-of-service issue in CODESYS components used with Festo Automation Suite. According to the CISA CSAF advisory, crafted remote communication requests can make the CmpAppBP component overwrite a heap-based buffer, which can crash the affected service. The advisory was initially published by CISA on 2026-02-26 and later republished on 2026-03-17 from Festo’s original advisory.
CVE-2023-37556 affects multiple versions of CODESYS-related products used with Festo Automation Suite. After successful authentication, crafted network communication requests with inconsistent content can cause the CmpAppBP component to read from an invalid address, which may result in a denial-of-service condition. CISA published the advisory on 2026-02-26 and republished it on 2026-03-17.
CVE-2023-37555 is a medium-severity availability issue in CODESYS components used with Festo Automation Suite. After successful authentication, specially crafted network communication requests with inconsistent content can cause the CmpAppBP component to read from an invalid internal address, potentially resulting in denial of service. The advisory explicitly says this issue is different from CVE-2023-375 [truncated]
CVE-2023-37554 affects multiple versions of CODESYS components used with Festo Automation Suite. After successful authentication, a crafted network communication request with inconsistent content can make the CmpAppBP component read from an invalid internal address, which may crash the service and cause denial of service. The advisory is distinct from CVE-2023-37552, CVE-2023-37553, CVE-2023-37555, and CV [truncated]
CVE-2023-37553 affects multiple versions of CODESYS products used in Festo Automation Suite. A successfully authenticated user can send specially crafted network communication requests with inconsistent content that cause the CmpAppBP component to read from an invalid internal address, creating a denial-of-service risk. The advisory is tied to Festo Automation Suite/CODESYS deployments rather than a standal [truncated]
CVE-2023-37552 is an authenticated denial-of-service issue affecting multiple CODESYS products as deployed with Festo Automation Suite. The advisory says that, after successful user authentication, specially crafted network communication requests with inconsistent content can make the CmpAppBP component read from an invalid internal address, potentially crashing or otherwise denying service. CISA publishe [truncated]
CVE-2023-37551 affects CODESYS components used in Festo Automation Suite deployments. After successful authentication as a user, specially crafted network requests can use the CmpApp component to download files with any extension to the controller, bypassing the file-type filtering applied by CmpFileTransfer. The advisory says this can compromise the integrity of the CODESYS control runtime system.
CVE-2023-37550 is a post-authentication denial-of-service issue affecting multiple CODESYS product combinations used with Festo Automation Suite. The advisory says that crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid address, which can disrupt availability. The source also lists impacted Festo Automation Suite releases below 2.8.0.138 and [truncated]
CVE-2023-37549 is an authenticated remote denial-of-service issue affecting multiple CODESYS product versions used in Festo Automation Suite. According to the advisory, specially crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid internal address, which can disrupt the service and potentially stop affected systems from operating normally.
CVE-2023-37548 is an availability issue in multiple CODESYS-related products used with Festo Automation Suite. After a user successfully authenticates, specially crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid address, which can lead to a denial-of-service condition. The advisory describes this as a distinct issue from neighboring CODESYS [truncated]
CVE-2023-37547 describes an authenticated denial-of-service condition affecting multiple CODESYS products and versions as used in Festo Automation Suite. According to the advisory, a user who has already authenticated can send crafted network communication requests with inconsistent content that cause the CmpApp component to read from an invalid internal address, potentially crashing or destabilizing the [truncated]
CVE-2023-37546 affects multiple CODESYS products and Festo Automation Suite deployments that bundle specific CODESYS versions. After successful user authentication, crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid internal address, which can lead to a denial-of-service condition. The issue is documented in CISA’s republication of the Festo [truncated]
CVE-2023-37545 is a medium-severity denial-of-service issue in CODESYS components used in Festo Automation Suite. According to the advisory, a user who has already authenticated can send specific crafted network communication requests with inconsistent content and cause the CmpApp component to read from an invalid internal address. The practical outcome is a crash or service disruption rather than a direc [truncated]
CVE-2023-3670 describes an unsafe directory-permissions issue in CODESYS Development System and CODESYS Scripting. On affected workstation installations, a locally present attacker could place disguised scripts in locations that legitimate users later trust and run, creating a path to unauthorized code execution in an engineering environment. The supplied advisory ties the issue to CODESYS components refe [truncated]
CVE-2023-3669 is a low-severity local brute-force weakness in CODESYS Development System prior to 3.5.19.20. The issue allows unlimited password guesses within an import dialog, which can weaken the confidentiality of protected imported content. In the supplied source corpus, CISA republished the Festo advisory for this issue on 2026-02-26 and updated the record on 2026-03-17.