PatchSiren cyber security CVE debrief
CVE-2019-11039 Festo Didactic SE CVE debrief
CVE-2019-11039 is a critical PHP flaw in iconv_mime_decode_headers() that can trigger an out-of-buffer read when parsing MIME headers. The result can be information disclosure or a crash. In the supplied CISA advisory corpus, the issue is associated with Festo Didactic SE MES PC deployments, with remediation centered on replacing XAMPP-based software with Festo’s Factory Control Panel.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC operators, OT and plant IT administrators, engineering workstation owners, and security teams responsible for PHP/XAMPP-based components in industrial environments.
Technical summary
The vulnerability is an integer-overflow issue in PHP’s iconv_mime_decode_headers() MIME header parsing path. Affected versions are PHP 7.1.x below 7.1.30, 7.2.x below 7.2.19, and 7.3.x below 7.3.6. Because the parser may read beyond buffer boundaries, exposure can lead to unintended data disclosure or process termination. The supplied Festo advisory ties the issue to MES PC systems and states that Factory Control Panel is a replacement for XAMPP on those systems and includes fixes for these vulnerabilities.
Defensive priority: Immediate
Recommended defensive actions
- Inventory MES PC installations and identify any systems using affected PHP/XAMPP components.
- Verify PHP version levels against the affected ranges: 7.1.x < 7.1.30, 7.2.x < 7.2.19, and 7.3.x < 7.3.6.
- Obtain the current Factory Control Panel version from Festo technical support at [email protected], as referenced in the advisory.
- Plan and test the vendor replacement in a staging or maintenance window before rollout to production MES PCs.
- Treat unexpected crashes or abnormal behavior in the affected parsing path as a priority for investigation and remediation.
- Apply CISA ICS recommended practices for defense in depth and limit unnecessary access to OT workstations and management hosts.
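To support the inventory and version-check steps above, the following Python helper is an added example (not part of the CISA advisory or any Festo tooling) that classifies `php -v` banners against the three affected ranges; the hostnames and banners in the sample inventory are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges stated in the advisory: 7.1.x < 7.1.30, 7.2.x < 7.2.19, 7.3.x < 7.3.6.
# Keyed by (major, minor) branch; the value is the first fixed patch level.
FIXED_IN = {(7, 1): 30, (7, 2): 19, (7, 3): 6}

# Matches "PHP 7.2.18" in a php -v banner, or a bare "7.2.18" from a config export.
_VERSION_RE = re.compile(r"(?:\bPHP\s+)?(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull (major, minor, patch) out of a 'php -v' banner or a bare version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def check_php(text: str) -> str:
    """Classify one host's PHP version against the CVE-2019-11039 ranges."""
    version = parse_php_version(text)
    if version is None:
        return "unparsed"  # no version found; inspect the host manually
    major, minor, patch = version
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        # Branch not named by the advisory (e.g. 7.4+ or 8.x); not proof of safety,
        # so report it separately rather than as "fixed".
        return "outside-advisory-ranges"
    return "affected" if patch < fixed else "fixed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a whole MES PC inventory."""
    return {host: check_php(banner) for host, banner in inventory.items()}


# Constructed sample inventory: hostnames and banners are made up for this example.
SAMPLE_INVENTORY = {
    "mes-pc-01": "PHP 7.2.18 (cli) (built: May  3 2019 10:11:12) ( NTS )",
    "mes-pc-02": "PHP 7.3.6 (cli) (built: May 29 2019 14:20:40) ( ZTS )",
    "mes-pc-03": "7.1.33",
    "mes-pc-04": "PHP 8.1.2 (cli) (built: Jan 19 2022 09:13:45) ( NTS )",
    "mes-pc-05": "php: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "affected" are candidates for the Factory Control Panel replacement; "unparsed" and "outside-advisory-ranges" still need a manual look before being closed out.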
Evidence notes
The supplied source item is the CISA CSAF advisory ICSA-26-027-02 for Festo Didactic SE MES PC, which references CVE-2019-11039 and states the PHP version ranges and impact. It also lists the vendor remediation: Factory Control Panel as a replacement for XAMPP on MES PCs, with fixes available through Festo technical support. The corpus shows advisory publication on 2024-02-27 and a CISA republication on 2026-01-27; those are source-record dates, not the original flaw origin date.
Official resources
- CVE-2019-11039 CVE record (CVE.org)
- CVE-2019-11039 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
This debrief is based only on the supplied CISA CSAF source corpus and official links. The advisory context maps a PHP vulnerability to Festo Didactic SE MES PC deployments and recommends a vendor replacement for XAMPP-based software.