CP
cyberpings
VulnerabilitiesHIGH

CODESYS Vulnerabilities - Critical Flaws in Festo Suite

CICISA Advisories
CODESYSFesto Automation SuiteCVE-2025-2595CVE-2010-5250CVE-2017-3735
🎯

Basically, there are serious security holes in a software used for automation that need fixing.

Quick Summary

Critical vulnerabilities have been discovered in CODESYS within Festo Automation Suite. Users must upgrade to the latest versions to avoid severe risks. Stay secure by applying updates promptly.

The Flaw

Recent findings have identified critical vulnerabilities in the CODESYS software integrated within the Festo Automation Suite. Specifically, versions prior to 2.8.0.138 are affected. This includes installations with CODESYS Development System versions 3.0 and 3.5.16.10. The vulnerabilities range from untrusted search path issues to improper access controls, which could allow attackers to exploit these flaws remotely.

The CVSS score for these vulnerabilities is notably high, with some rated as 9.8, indicating a severe risk to users. Attackers could leverage these vulnerabilities to bypass user management, perform unauthorized actions, or even execute remote code.

What's at Risk

Organizations utilizing the Festo Automation Suite for critical manufacturing processes are at significant risk. The vulnerabilities could lead to unauthorized access to sensitive automation controls, potentially disrupting operations or leading to data breaches. This is particularly concerning for industries relying on industrial control systems (ICS) where security is paramount.

The implications of these vulnerabilities extend beyond immediate operational risks; they could also affect compliance with industry regulations and standards, leading to further repercussions for affected organizations.

Patch Status

Festo has released guidance on how to mitigate these vulnerabilities. Starting from version 2.8.0.138, CODESYS is no longer bundled with the Festo Automation Suite, requiring users to download and install it separately. Users are strongly advised to upgrade to the latest patched versions of CODESYS, specifically 3.5.21.20, to ensure all known security issues are addressed.

Additionally, regular monitoring of CODESYS security advisories is recommended to stay informed about new vulnerabilities and updates. Users should also ensure that their Festo Automation Suite connectors are kept up to date with the latest patches.

Immediate Actions

To protect against these vulnerabilities, users should take the following steps:

  • Upgrade to Festo Automation Suite version 2.8.0.138 or later.
  • Download the latest version of CODESYS directly from the official website.
  • Follow installation and update instructions carefully to apply all security fixes.
  • Monitor for any new advisories or updates from CODESYS and Festo.

By taking these actions, organizations can significantly reduce their risk exposure and enhance the security of their automation systems.

🔒 Pro insight: The high CVSS scores indicate immediate action is required; organizations should prioritize patching to mitigate potential exploits.

Original article from

CISA Advisories · CISA

Read Full Article

Share

Related Pings

HIGHVulnerabilities

GitHub Security Advisory - Critical Vulnerabilities Addressed

GitHub has issued a security advisory for vulnerabilities in multiple Enterprise Server versions. Users must update to secure their systems against potential threats. Timely patching is essential to safeguard sensitive data and maintain security.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

AI Vulnerabilities - Data Exfiltration Risks Uncovered

New vulnerabilities in AI systems like Amazon Bedrock and LangSmith have been uncovered. These flaws could allow attackers to exfiltrate sensitive data and execute harmful code. Immediate action is needed to secure these platforms and protect user information.

The Hacker News·
HIGHVulnerabilities

Vulnerabilities in IP KVMs - Security Risks Exposed

Researchers disclosed nine vulnerabilities in IP KVMs from four manufacturers, exposing networks to serious risks. Many devices remain unpatched, making them easy targets for attackers. It's crucial for admins to secure these devices promptly.

Ars Technica Security·
CRITICALVulnerabilities

Vulnerabilities in Schneider Electric SCADAPack - Urgent Alert

Schneider Electric has revealed a critical vulnerability in its SCADAPack RTUs. This flaw could allow unauthorized access, risking system integrity and safety. Immediate updates are essential for protection.

CISA Advisories·
HIGHVulnerabilities

Vulnerability in Schneider Electric EcoStruxure IT Software

Schneider Electric has revealed a serious vulnerability in its EcoStruxure IT Data Center Expert software. This flaw could allow hackers to access sensitive information. Users must act quickly to apply the necessary patches or mitigations to secure their systems.

CISA Advisories·
HIGHVulnerabilities

Siemens SICAM SIAPP SDK - Multiple Vulnerabilities Found

Siemens has identified multiple vulnerabilities in its SICAM SIAPP SDK. Users are urged to update to version 2.1.7 to avoid potential disruptions. This is crucial for maintaining operational integrity in critical manufacturing sectors.

CISA Advisories·