PatchSiren

CODESYS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH CODESYS CVE published 2026-02-26

CVE-2025-41659

CVE-2025-41659 is a high-severity issue affecting CODESYS components used with Festo Automation Suite. A low-privileged remote attacker may access the runtime PKI folder, read or modify certificates and keys, and potentially make certificates appear trusted; if certificates are deleted, services remain available but communication may fall back to unencrypted mode. CISA’s advisory was published on 2026-02- [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2025-2595

CVE-2025-2595 is a network-reachable information disclosure issue in CODESYS Visualization as used with Festo Automation Suite. A remote, unauthenticated attacker can bypass user management through forced browsing and read visualization template files or static elements. The supplied advisory data rates the issue CVSS 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating confidentiality impact without a c [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2025-0694

CVE-2025-0694 is an ICS vulnerability in CODESYS Control as distributed with Festo Automation Suite. The advisory says a low-privileged attacker with physical access can exploit insufficient path validation to gain full filesystem access. CISA first published the advisory on 2026-02-26 and later republished the Festo advisory on 2026-03-17.

HIGH CODESYS CVE published 2026-02-26

CVE-2024-8175

CVE-2024-8175 is a high-severity denial-of-service issue in the CODESYS web server as used in Festo Automation Suite. According to the advisory, an unauthenticated remote attacker can trigger invalid memory access that results in a DoS. The published remediation centers on moving to patched CODESYS releases and keeping the Festo Automation Suite connector updated.

HIGH CODESYS CVE published 2026-02-26

CVE-2024-5000

CVE-2024-5000 is a high-severity, network-reachable denial-of-service issue affecting CODESYS components associated with Festo Automation Suite. According to the advisory, an unauthenticated remote attacker can send a crafted OPC UA request that triggers an incorrect buffer-size calculation and can disrupt availability. The issue was published by CISA on 2026-02-26 and later republished/updated on 2026-03-17.

HIGH CODESYS CVE published 2026-02-26

CVE-2023-6357

CVE-2023-6357 is a high-severity command-injection issue in the Festo Automation Suite / CODESYS software path. According to the advisory, a low-privileged remote attacker could inject additional system commands via file system libraries and potentially gain full control of the device. The published remediation path is to move to Festo Automation Suite 2.8.0.138 or later and use patched CODESYS releases f [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-49676

CVE-2023-49676 is a use-after-free vulnerability (CWE-416) in the CODESYS/Festo Automation Suite ecosystem. According to CISA's CSAF advisory ICSA-26-076-01, an unauthenticated local attacker can trick a user into opening a corrupted project file, which can crash the system. The advisory was published on 2026-02-26 and republished on 2026-03-17, and it ties remediation to updating Festo Automation Suite a [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2023-49675

CVE-2023-49675 is a high-severity, user-assisted local vulnerability disclosed by CISA on 2026-02-26 and updated on 2026-03-17. The advisory corpus ties the issue to Festo Automation Suite and CODESYS project-file handling: a malformed or corrupted project file can trigger an out-of-bounds write, leading to arbitrary code execution or a crash. The advisory emphasizes affected Festo Automation Suite versio [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37559

CVE-2023-37559 affects Festo Automation Suite deployments that include CODESYS components. After a user successfully authenticates, crafted network communication requests with inconsistent content can cause the CmpAppForce component to read from an invalid address and potentially deny service. The issue is availability-only, but that still matters in industrial environments where a service interruption ca [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37558

CVE-2023-37558 is an authenticated denial-of-service issue affecting multiple CODESYS products and versions as distributed with Festo Automation Suite. A user who has already authenticated can send crafted network communication requests with inconsistent content and cause the CmpAppForce component to read from an invalid address, potentially disrupting availability. The issue is distinct from CVE-2023-37559.

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37557

CVE-2023-37557 is an authenticated denial-of-service issue in CODESYS components used with Festo Automation Suite. According to the CISA CSAF advisory, crafted remote communication requests can make the CmpAppBP component overwrite a heap-based buffer, which can crash the affected service. The advisory was initially published by CISA on 2026-02-26 and later republished on 2026-03-17 from Festo’s original advisory.

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37556

CVE-2023-37556 affects multiple versions of CODESYS-related products used with Festo Automation Suite. After successful authentication, crafted network communication requests with inconsistent content can cause the CmpAppBP component to read from an invalid address, which may result in a denial-of-service condition. CISA published the advisory on 2026-02-26 and republished it on 2026-03-17.

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37555

CVE-2023-37555 is a medium-severity availability issue in CODESYS components used with Festo Automation Suite. After successful authentication, specially crafted network communication requests with inconsistent content can cause the CmpAppBP component to read from an invalid internal address, potentially resulting in denial of service. The advisory explicitly says this issue is different from CVE-2023-375 [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37554

CVE-2023-37554 affects multiple versions of CODESYS components used with Festo Automation Suite. After successful authentication, a crafted network communication request with inconsistent content can make the CmpAppBP component read from an invalid internal address, which may crash the service and cause denial of service. The advisory is distinct from CVE-2023-37552, CVE-2023-37553, CVE-2023-37555, and CV [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37553

CVE-2023-37553 affects multiple versions of CODESYS products used in Festo Automation Suite. A successfully authenticated user can send specially crafted network communication requests with inconsistent content that cause the CmpAppBP component to read from an invalid internal address, creating a denial-of-service risk. The advisory is tied to Festo Automation Suite/CODESYS deployments rather than a standal [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37552

CVE-2023-37552 is an authenticated denial-of-service issue affecting multiple CODESYS products as deployed with Festo Automation Suite. The advisory says that, after successful user authentication, specially crafted network communication requests with inconsistent content can make the CmpAppBP component read from an invalid internal address, potentially crashing or otherwise denying service. CISA publishe [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37551

CVE-2023-37551 affects CODESYS components used in Festo Automation Suite deployments. After successful authentication as a user, specially crafted network requests can use the CmpApp component to download files with any extension to the controller, bypassing the file-type filtering applied by CmpFileTransfer. The advisory says this can compromise the integrity of the CODESYS control runtime system.

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37550

CVE-2023-37550 is a post-authentication denial-of-service issue affecting multiple CODESYS product combinations used with Festo Automation Suite. The advisory says that crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid address, which can disrupt availability. The source also lists impacted Festo Automation Suite releases below 2.8.0.138 and [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37549

CVE-2023-37549 is an authenticated remote denial-of-service issue affecting multiple CODESYS product versions used in Festo Automation Suite. According to the advisory, specially crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid internal address, which can disrupt the service and potentially stop affected systems from operating normally.

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37548

CVE-2023-37548 is an availability issue in multiple CODESYS-related products used with Festo Automation Suite. After a user successfully authenticates, specially crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid address, which can lead to a denial-of-service condition. The advisory describes this as a distinct issue from neighboring CODESYS [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37547

CVE-2023-37547 describes an authenticated denial-of-service condition affecting multiple CODESYS products and versions as used in Festo Automation Suite. According to the advisory, a user who has already authenticated can send crafted network communication requests with inconsistent content that cause the CmpApp component to read from an invalid internal address, potentially crashing or destabilizing the [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37546

CVE-2023-37546 affects multiple CODESYS products and Festo Automation Suite deployments that bundle specific CODESYS versions. After successful user authentication, crafted network communication requests with inconsistent content can make the CmpApp component read from an invalid internal address, which can lead to a denial-of-service condition. The issue is documented in CISA’s republication of the Festo [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2023-37545

CVE-2023-37545 is a medium-severity denial-of-service issue in CODESYS components used in Festo Automation Suite. According to the advisory, a user who has already authenticated can send specific crafted network communication requests with inconsistent content and cause the CmpApp component to read from an invalid internal address. The practical outcome is a crash or service disruption rather than a direc [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2023-3670

CVE-2023-3670 describes an unsafe directory-permissions issue in CODESYS Development System and CODESYS Scripting. On affected workstation installations, a locally present attacker could place disguised scripts in locations that legitimate users later trust and run, creating a path to unauthorized code execution in an engineering environment. The supplied advisory ties the issue to CODESYS components refe [truncated]

LOW CODESYS CVE published 2026-02-26

CVE-2023-3669

CVE-2023-3669 is a low-severity local brute-force weakness in CODESYS Development System prior to 3.5.19.20. The issue allows unlimited password guesses within an import dialog, which can weaken the confidentiality of protected imported content. In the supplied source corpus, CISA republished the Festo advisory for this issue on 2026-02-26 and updated the record on 2026-03-17.

HIGH CODESYS CVE published 2026-02-26

CVE-2023-3663

CVE-2023-3663 is a high-severity issue in CODESYS Development System where a missing integrity check may allow an unauthenticated remote attacker to manipulate notification content received over HTTP by the CODESYS notification server. The advisory context in the supplied source is tied to Festo Automation Suite deployments that include CODESYS components, but the vulnerability statement itself is specifi [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2023-3662

CVE-2023-3662 is a local code-execution issue tied to CODESYS Development System components used with Festo Automation Suite. The advisory states that binaries from the current working directory can be executed in the user’s context, which can let an attacker influence what runs when a user launches the affected software from a writable location. The published CVSS 3.1 score is 7.3 (High), but the vector [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2022-47393

CVE-2022-47393 is a denial-of-service issue in multiple CODESYS product versions used with Festo Automation Suite. According to the CISA CSAF advisory, an authenticated remote attacker can exploit an improper memory-buffer bounds restriction to force service disruption. The advisory was first published on 2026-02-26 and republished on 2026-03-17 with the initial CISA republication of the Festo advisory.

MEDIUM CODESYS CVE published 2026-02-26

CVE-2022-47392

CVE-2022-47392 is a medium-severity availability issue affecting CmpApp/CmpAppBP/CmpAppForce components in multiple CODESYS products used by Festo Automation Suite. According to the advisory, an authenticated remote attacker can exploit improper input validation to read from an invalid address, which can lead to a denial-of-service condition.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47391

CVE-2022-47391 is a high-severity denial-of-service issue affecting multiple CODESYS products and versions as distributed in Festo Automation Suite. According to the advisory, an unauthorized remote attacker may exploit improper input validation to read from invalid addresses, resulting in service disruption. The practical risk is highest for environments that use affected Festo Automation Suite releases [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47390

CVE-2022-47390 is an authenticated, remote stack-based out-of-bounds write in the CmpTraceMgr component used by multiple CODESYS product versions, including CODESYS components associated with Festo Automation Suite. CISA rates the issue 8.8 High and notes impacts that can range from denial of service to memory overwriting and remote code execution. The defensive priority is high because the vulnerable pat [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47389

CVE-2022-47389 is a high-severity memory corruption issue in the CmpTraceMgr component used by certain CODESYS products in Festo Automation Suite deployments. According to the CISA CSAF advisory, an authenticated remote attacker could trigger a stack-based out-of-bounds write that may lead to denial of service, memory overwriting, or remote code execution.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47388

CVE-2022-47388 is a high-severity memory corruption flaw in the CmpTraceMgr component used by multiple CODESYS products. In the Festo Automation Suite context, an authenticated remote attacker may be able to write past the stack boundary, which can result in denial of service, memory overwriting, or remote code execution. The advisory recommends moving to patched CODESYS releases and keeping the Festo Aut [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47387

CVE-2022-47387 is a high-severity stack-based out-of-bounds write in the CmpTraceMgr component used by CODESYS products in Festo Automation Suite. According to the CISA republication of the vendor advisory, an authenticated remote attacker may be able to trigger denial of service, memory overwriting, or remote code execution. The advisory was initially published on 2026-02-26 and revised on 2026-03-17.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47386

CVE-2022-47386 is a high-severity memory corruption issue reported by CISA for CODESYS components used in Festo Automation Suite. The advisory says an authenticated remote attacker could trigger a stack-based out-of-bounds write in the CmpTraceMgr component, which may lead to denial of service, memory overwriting, or remote code execution. CISA published the advisory on 2026-02-26 and republished it on 20 [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47385

CVE-2022-47385 is a high-severity memory-corruption issue affecting CODESYS components used in multiple Festo Automation Suite versions. According to the CISA advisory, an authenticated remote attacker could trigger a stack-based out-of-bounds write in the CmpAppForce component, potentially causing denial of service, memory overwriting, or remote code execution. The advisory was initially published on 202 [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47384

CVE-2022-47384 is a high-severity memory-corruption issue in the CmpTraceMgr component used by multiple CODESYS products and Festo Automation Suite deployments that include CODESYS. According to the advisory, an authenticated remote attacker can write data into the stack, which may result in denial of service, memory overwriting, or remote code execution. The supplied CVSS vector indicates network attacka [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47381

CVE-2022-47381 is a high-severity flaw in CODESYS components used by Festo Automation Suite. The advisory says an authenticated remote attacker may trigger a stack-based out-of-bounds write, which can lead to denial of service, memory overwriting, or remote code execution. CISA published the advisory on 2026-02-26 and republished it with updated source material on 2026-03-17.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47380

CVE-2022-47380 is a high-severity memory corruption issue affecting multiple CODESYS product versions used in Festo Automation Suite. According to the advisory, an authenticated remote attacker may trigger a stack-based out-of-bounds write, which can cause denial of service, memory overwriting, or remote code execution. The primary defensive takeaway is to ensure affected Festo Automation Suite deployment [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-47379

CVE-2022-47379 is an authenticated remote memory-corruption issue in multiple CODESYS products used with Festo Automation Suite. CISA’s advisory says the flaw can be used to write data into memory, potentially causing denial of service, memory overwriting, or remote code execution. The safest response is to update Festo Automation Suite and the separately installed CODESYS components to patched versions a [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2022-47378

CVE-2022-47378 is an authenticated remote denial-of-service vulnerability caused by improper input validation in multiple CODESYS products used in the Festo Automation Suite ecosystem. According to the CISA-republished advisory, an attacker with valid access can craft specific requests that trigger a service disruption. The issue was published on 2026-02-26 and later republished/updated on 2026-03-17 with [truncated]

HIGH CODESYS CVE published 2026-02-26

CVE-2022-4224

CVE-2022-4224 is a high-severity industrial software flaw affecting CODESYS v3 components used with Festo Automation Suite. According to the CISA advisory, a remote user with low privileges could read and modify system files and OS resources or cause a denial of service on the device.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-4048

CVE-2022-4048 is a high-severity local attack against CODESYS Development System V3 versions prior to 3.5.18.40. In affected Festo Automation Suite deployments that bundled vulnerable CODESYS components, an unauthenticated local attacker could access and manipulate encrypted boot application code.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-32142

CVE-2022-32142 is a high-severity memory-corruption issue in CODESYS products as packaged with Festo Automation Suite. A low-privileged remote attacker can send a request with an invalid offset and trigger an out-of-bounds read or write, which can lead to denial of service or local memory overwrite. The advisory states that no user interaction is required and recommends moving to patched CODESYS builds fr [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2022-32141

CVE-2022-32141 affects multiple CODESYS products as republished in CISA’s ICSA-26-076-01 advisory for Festo Automation Suite. A remote attacker with low privileges can craft a request with an invalid offset, causing an internal buffer over-read and a denial-of-service condition. No user interaction is required. The advisory’s remediation focuses on using patched CODESYS releases and keeping Festo Automati [truncated]

MEDIUM CODESYS CVE published 2026-02-26

CVE-2022-32140

CVE-2022-32140 describes a buffer overflow in multiple CODESYS products. A remote attacker with low privileges can craft a request that triggers a buffer copy without size checking, resulting in a denial-of-service condition. User interaction is not required. The advisory indicates an availability impact only, with no confidentiality or integrity impact listed.

MEDIUM CODESYS CVE published 2026-02-26

CVE-2022-32139

CVE-2022-32139 affects multiple CODESYS products as referenced in the CISA CSAF advisory for Festo Automation Suite. A low-privileged remote attacker can craft a request that triggers an out-of-bounds read and results in denial of service without user interaction. The advisory was initially published on 2026-02-26 and republished on 2026-03-17.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-32137

CVE-2022-32137 affects multiple CODESYS products used with Festo Automation Suite. A low-privileged remote attacker can craft a request that triggers a heap-based buffer overflow, which may cause denial of service or memory overwrite. According to the supplied advisory, no user interaction is required, and the CVSS score is 8.8 (High).

MEDIUM CODESYS CVE published 2026-02-26

CVE-2022-32136

CVE-2022-32136 is a medium-severity denial-of-service issue affecting multiple CODESYS products as distributed with Festo Automation Suite. A low-privileged remote attacker can craft a request that triggers a read from an uninitialized pointer; no user interaction is required. The advisory recommends moving to patched CODESYS releases and keeping Festo Automation Suite components updated.

HIGH CODESYS CVE published 2026-02-26

CVE-2022-31805

CVE-2022-31805 describes unprotected password transmission in multiple CODESYS Development System components used in the Festo Automation Suite advisory scope. CISA republished the vendor material as ICSA-26-076-01, and the published CVSS vector rates the issue 7.5 HIGH with network exposure and a confidentiality-only impact profile.