PatchSiren cyber security CVE debrief
CVE-2013-6501 Festo Didactic SE CVE debrief
CVE-2013-6501 is a PHP SOAP configuration weakness: php.ini-production and php.ini-development through PHP 5.6.7 set soap.wsdl_cache_dir to /tmp by default. Because the cached WSDL filenames in that shared directory are predictable, a local user can pre-create a file that get_sdl later reads, which creates a WSDL injection risk. In the provided CISA/Festo advisory context, this issue is tied to Festo Didactic SE MES PC, and the vendor remediation points to replacing the bundled component with Factory Control Panel.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Administrators and operators responsible for Festo Didactic SE MES PC deployments, plus teams maintaining PHP installations that still rely on php.ini-production or php.ini-development defaults. Systems that allow local user access on the host are especially relevant.
Technical summary
The vulnerable default places SOAP WSDL cache files in /tmp, a shared location. The advisory states that a local user can create a file with a predictable name that is later used by get_sdl in ext/soap/php_sdl.c, enabling WSDL injection. The source corpus assigns CVSS 3.0 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact despite the local-user prerequisite.
Defensive priority
High — prioritize if the affected MES PC or PHP host is in active use, allows local logins, or still relies on the default SOAP cache path.
Recommended defensive actions
- Replace the vulnerable MES PC component with the vendor-provided Factory Control Panel version referenced in the advisory.
- Review PHP hosts for soap.wsdl_cache_dir settings and move SOAP cache storage away from /tmp to a restricted directory.
- Restrict unnecessary local user access on affected hosts and apply least-privilege controls to cache and runtime directories.
- After remediation, restart the vulnerable component as required and verify the new configuration is in effect.
- Use CISA ICS defensive guidance and hardening practices to reduce the risk of local tampering on shared systems.
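To support the soap.wsdl_cache_dir review in the actions above, here is an added shell audit that is not part of the advisory or any Festo tooling. It reports the effective cache directory of a given php.ini, flagging an unset key (PHP's built-in default is also /tmp), a cache placed directly in /tmp or /var/tmp, or a world-writable directory, and treats a disabled WSDL cache as out of scope because no cache file is read then; the php.ini path in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Audit one php.ini for the CVE-2013-6501 default: a shared, predictable
# SOAP WSDL cache directory. Prints a single status and exits nonzero when
# the configuration still exposes the cache to other local users.
#   CACHE_DISABLED  soap.wsdl_cache_enabled is off: no cache file is read
#   UNSET           key missing, so PHP's built-in default of /tmp applies
#   SHARED_TMP      cache lives directly in /tmp or /var/tmp
#   WORLD_WRITABLE  cache directory exists and is writable by all users
#   OK              dedicated directory that is not world-writable

# Effective value of an ini key: the last uncommented assignment wins;
# trailing ';' comments and surrounding quotes are stripped. Empty if unset.
ini_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
        | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*;.*$//; s/^"(.*)"$/\1/'
}

audit_wsdl_cache_dir() {
    ini="$1"
    enabled=$(ini_value "$ini" 'soap\.wsdl_cache_enabled')
    case "$enabled" in
        0|[Oo]ff|[Ff]alse) echo "CACHE_DISABLED"; return 0 ;;
    esac
    dir=$(ini_value "$ini" 'soap\.wsdl_cache_dir')
    if [ -z "$dir" ]; then
        echo "UNSET"; return 1
    fi
    case "$dir" in
        /tmp|/tmp/|/var/tmp|/var/tmp/) echo "SHARED_TMP"; return 1 ;;
    esac
    # -perm -0002 works on GNU and BSD find; -prune restricts the check to $dir itself.
    if [ -d "$dir" ] && [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo "WORLD_WRITABLE"; return 1
    fi
    echo "OK"; return 0
}

# Constructed usage (the path is a placeholder for the host's real php.ini):
#   audit_wsdl_cache_dir /etc/php/php.ini
```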
Evidence notes
The CISA CSAF source item (ICSA-26-027-02) republished the Festo advisory for MES PC and includes the CVE-2013-6501 description stating that php.ini-production and php.ini-development default soap.wsdl_cache_dir to /tmp, enabling local users to conduct WSDL injection attacks via predictable filenames used by get_sdl. The advisory also lists a vendor remediation: Factory Control Panel as a replacement for XAMPP on MES PCs, with a remediation date of 2023-05-26 in the source corpus. The provided record is published on 2024-02-27 and modified on 2026-01-27; no KEV entry or ransomware linkage is present in the supplied data.
Official resources
- CVE-2013-6501 CVE record (CVE.org)
- CVE-2013-6501 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied CISA/Festo advisory corpus; CISA republishes the advisory for MES PC and the record is not listed in KEV.