PatchSiren cyber security CVE debrief
CVE-2020-2752 Festo Didactic SE CVE debrief
CVE-2020-2752 is a medium-severity denial-of-service vulnerability in Oracle MySQL Client's C API. In the Festo Didactic SE advisory context, the issue is tied to MES PC deployments that rely on the affected MySQL client components. The impact described in the source material is a hang or frequently repeatable crash of the client, which can disrupt availability but is not described as a confidentiality or integrity issue.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators and administrators responsible for Festo Didactic SE MES PC environments should care, especially where bundled client components or XAMPP-based setups are still in use. Security teams should also care if any systems expose the affected MySQL client pathways to the network.
Technical summary
The source advisory describes a MySQL Client C API vulnerability affecting Oracle MySQL client versions 5.6.47 and prior, 5.7.27 and prior, and 8.0.17 and prior. It is network-reachable, requires low privileges, and can be triggered through multiple protocols. Successful exploitation can cause a hang or repeatable crash of the MySQL Client, resulting in denial of service. The supplied CSAF material for Festo Didactic SE maps the remediation to replacing XAMPP with Factory Control Panel on MES PCs.
Defensive priority
Medium priority for availability-sensitive MES PC environments. The issue is not described as leading to code execution or data theft, but repeated client crashes can still interrupt operations and should be addressed in normal patching cycles, or sooner if the affected client is exposed in production workflows.
Recommended defensive actions
- Inventory MES PC systems that rely on Oracle MySQL Client or bundled XAMPP components.
- Apply the vendor-recommended replacement: obtain the current Factory Control Panel version from Festo technical support.
- Confirm that any affected MySQL client components are updated to versions outside the vulnerable ranges noted in the advisory.
- Restrict network exposure to client services and limit access to trusted hosts where possible.
- Monitor for repeated crashes, hangs, or unexpected client restarts in MES PC environments.
- Use the linked CISA and vendor advisory references to verify whether your deployment matches the affected product tree.
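One way to carry out the version confirmation step above across an inventory of collected `mysql --version` banners, as an added example that is not taken from the advisory or from the vendor. The host names and banners are constructed, and the handling of MariaDB banners and of branches the advisory does not name is an assumption.

```python
import re

# Highest affected patch level per release branch, as listed in the advisory text above.
AFFECTED_MAX = {(5, 6): 47, (5, 7): 27, (8, 0): 17}

# Covers both "mysql --version" layouts: "... Distrib 5.7.27, for ..." and "... Ver 8.0.17 for ...".
# "Ver 14.14" (the 5.x client tool version) has only two parts, so it never matches.
_BANNER = re.compile(r"(?:Distrib|Ver)\s+(\d+)\.(\d+)\.(\d+)(-MariaDB)?")


def classify(banner):
    """Return (status, version) for one client version banner."""
    m = _BANNER.search(banner)
    if m is None:
        return ("unparsed", None)
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    version = f"{major}.{minor}.{patch}"
    if m.group(4):
        # Assumption: the listed ranges are Oracle MySQL Client only; flag for manual review.
        return ("not-oracle-mysql", version)
    limit = AFFECTED_MAX.get((major, minor))
    if limit is None:
        # Assumption: branches the advisory does not name are not judged here.
        return ("branch-not-listed", version)
    return ("affected" if patch <= limit else "outside-range", version)


def triage(inventory):
    """Group hosts by status so affected and unresolved systems stand out."""
    groups = {}
    for host, banner in sorted(inventory.items()):
        status, version = classify(banner)
        groups.setdefault(status, []).append((host, version))
    return groups


# Constructed sample inventory: hypothetical host names and banners.
SAMPLE = {
    "mes-pc-01": "mysql  Ver 14.14 Distrib 5.7.27, for Win64 (x86_64)",
    "mes-pc-02": "mysql  Ver 8.0.18 for Win64 on x86_64 (MySQL Community Server - GPL)",
    "mes-pc-03": "mysql  Ver 15.1 Distrib 10.4.11-MariaDB, for Win64 (AMD64)",
    "mes-pc-04": "mysql  Ver 14.14 Distrib 5.5.62, for Win64 (x86_64)",
    "mes-pc-05": "client not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```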
Evidence notes
This debrief is based only on the supplied CSAF source item and the linked official references. The advisory text explicitly states the affected Oracle MySQL Client versions, the network-accessible low-privilege attack conditions, and the denial-of-service impact. The Festo remediation entry states that Factory Control Panel replaces XAMPP on MES PCs and includes fixes for the vulnerabilities. No exploit code or unsupported impact claims are included.
Official resources
- CVE-2020-2752 CVE record (CVE.org)
- CVE-2020-2752 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CVE published in the supplied timeline on 2024-02-27. The source item was also published on 2024-02-27 and later republished by CISA in 2026; this debrief uses the CVE publication date and source timeline only for context.