ICSA-26-076-01  ·  Published 2026-03-17

CODESYS in Festo Automation Suite

CVSS 9.8 CRITICAL  ·  CISA KEV — Known Exploited

CVEs (126)

CVE-2025-2595 CVE-2010-5250 CVE-2017-3735 CVE-2018-0739 CVE-2018-10612 CVE-2018-20025 CVE-2018-20026 CVE-2019-13532 CVE-2019-13538 CVE-2019-13542 CVE-2019-13548 CVE-2019-18858 CVE-2019-19789 CVE-2019-5105 CVE-2019-9008 CVE-2019-9009 CVE-2019-9010 CVE-2019-9011 CVE-2019-9012 CVE-2019-9013 CVE-2020-10245 CVE-2020-12067 CVE-2020-12068 CVE-2020-12069 CVE-2020-14509 CVE-2020-14513 CVE-2020-14515 CVE-2020-14517 CVE-2020-14519 CVE-2020-15806 CVE-2020-16233 CVE-2020-7052 CVE-2021-21863 CVE-2021-21864 CVE-2021-21865 CVE-2021-21866 CVE-2021-21867 CVE-2021-21868 CVE-2021-21869 CVE-2021-29239 CVE-2021-29240 CVE-2021-29241 CVE-2021-29242 CVE-2021-30186 CVE-2021-30187 CVE-2021-30188 CVE-2021-30190 CVE-2021-30195 CVE-2021-33485 CVE-2021-33486 CVE-2021-34593 CVE-2021-34595 CVE-2021-34596 CVE-2021-36763 CVE-2021-36764 CVE-2021-36765 CVE-2022-1965 CVE-2022-1989 CVE-2022-22508 CVE-2022-22513 CVE-2022-22514 CVE-2022-22515 CVE-2022-22516 CVE-2022-22517 CVE-2022-22519 CVE-2022-30791 CVE-2022-30792 CVE-2022-31805 CVE-2022-31806 CVE-2022-32136 CVE-2022-32137 CVE-2022-32138 CVE-2022-32139 CVE-2022-32140 CVE-2022-32141 CVE-2022-32142 CVE-2022-32143 CVE-2022-4046 CVE-2022-4048 CVE-2022-4224 CVE-2022-47378 CVE-2022-47379 CVE-2022-47380 CVE-2022-47381 CVE-2022-47383 CVE-2022-47384 CVE-2022-47385 CVE-2022-47386 CVE-2022-47387 CVE-2022-47388 CVE-2022-47389 CVE-2022-47390 CVE-2022-47391 CVE-2022-47392 CVE-2022-47393 CVE-2023-3662 CVE-2023-3663 CVE-2023-3669 CVE-2023-3670 CVE-2023-37545 CVE-2023-37546 CVE-2023-37547 CVE-2023-37548 CVE-2023-37549 CVE-2023-37550 CVE-2023-37551 CVE-2023-37552 CVE-2023-37553 CVE-2023-37554 CVE-2023-37555 CVE-2023-37556 CVE-2023-37557 CVE-2023-37558 CVE-2023-37559 CVE-2023-3935 CVE-2023-49675 CVE-2023-49676 CVE-2023-6357 CVE-2024-5000 CVE-2024-8175 CVE-2025-0694 CVE-2025-1468 CVE-2025-41658 CVE-2025-41659 CVE-2020-11023 CVE-2022-47382

Remediations

  • Starting from Festo Automation Suite version 2.8.0.138, Codesys is no longer bundled with the suite and must be downloaded and installed separately by the customer. To mitigate this vulnerability, customers are advised to:
      • Download the latest, patched version of Codesys directly from the official Codesys website.
      • Follow the installation and update instructions provided by Codesys to ensure all security fixes are applied.
      • Regularly monitor Codesys security advisories and apply updates promptly.
      • Maintain the Festo Automation Suite connector up to date by installing FAS updates as released by Festo.

Affected Vendors

CODESYS · FESTO

Affected Products (6)

FESTO · Festo Automation Suite vers:generic/<2.8.0.138
FESTO · Festo Automation Suite 2.8.0.138
FESTO · Festo Automation Suite 2.8.0.137
CODESYS · CODESYS Development System 3.5.21.20
CODESYS · CODESYS Development System 3.0
CODESYS · CODESYS Development System 3.5.16.10

Affected Sectors

Critical Manufacturing
