


Perceptive Security
SOC/SIEM Consultancy

Festo Compact Vision System, Control Block, Controller, and Operator Unit products
Published:
25 November 2025 at 12:00:00
Alert date:
5 December 2025 at 08:03:23
Source:
cisa.gov

CISA advisory for critical vulnerabilities in Festo Compact Vision System, Control Block, Controller, and Operator Unit products. CVE-2022-22515 allows authenticated attackers to read or modify configuration files via the CODESYS Control runtime. CVE-2022-31806 is an insecure default initialization: password protection is not enabled by default in CODESYS V2. Both vulnerabilities are remotely exploitable with low attack complexity. All versions of the affected Festo products are vulnerable. Mitigations include enabling password protection and using online user management.
Technical details
Affected products:
Festo Compact Vision System SBO
Festo Control Block CPX-CEC
Festo Controller CECC
Festo Controller CECX
Festo Controller CPX-E-CEC
Festo Controller FED-CEC
Festo Operator Unit CDPX
CODESYS Control Runtime System
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-05
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/668.html
https://www.cve.org/CVERecord?id=CVE-2022-22515
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
https://cwe.mitre.org/data/definitions/1188.html
https://www.cve.org/CVERecord?id=CVE-2022-31806
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://certvde.com/en/advisories/VDE-2022-037/
https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2022/fsa-202208.json
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
This article was created with the assistance of AI technology by Perceptive.