PatchSiren cyber security CVE debrief

CVE-2020-2760 Festo Didactic SE CVE debrief

CVE-2020-2760 is described in the source advisory as a vulnerability in the InnoDB component of Oracle MySQL Server. It is exploitable by an attacker who already holds high privileges and has network access to the server, over multiple protocols. The reported outcomes are a hang or frequently repeatable crash of MySQL Server (a complete denial of service) and limited unauthorized insert, update, or delete access to some of the data the server holds. In the supplied CISA/Festo advisory context the CVE is republished for Festo Didactic SE MES PC, but the vulnerability description itself concerns Oracle MySQL Server and names specific affected MySQL versions.

Vendor
Festo Didactic SE
Product
MES PC
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
CVE record published (as stored)
2024-02-27
CVE record updated (as stored)
2026-01-27
Advisory published
2024-02-27
Advisory updated
2026-01-27

Who should care

Operators and administrators of Festo MES PC deployments, particularly where the installed software stack (including the XAMPP installation the advisory says is being replaced) still contains the affected MySQL Server component. Because the flaw is in MySQL Server itself rather than in Festo-specific code, defenders running the affected Oracle MySQL Server versions anywhere else should also treat the advisory as applicable.

Technical summary

The supplied record gives CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H (score 5.5, Medium). The attack is low complexity and needs no user interaction, but it does require high privileges on the server and network access; the source says the server is reachable over multiple protocols. The impact metrics claim no confidentiality loss (C:N), limited integrity loss (I:L, unauthorized insert, update, or delete of some accessible data) and full availability loss (A:H, a hang or frequently repeatable crash of MySQL Server). The advisory text cites affected Oracle MySQL Server versions 5.7.29 and prior, and 8.0.19 and prior.

Defensive priority

Medium. This is not marked as a CISA KEV item in the supplied data, but it can still affect availability and data integrity. Prioritize if the affected MySQL component is present in a production MES PC deployment or any service with high-privilege network access paths.

Recommended defensive actions

  • Verify whether the deployed MES PC stack contains the affected MySQL Server/InnoDB component, and whether a listed version is present (for example by running SELECT VERSION() on each instance rather than trusting the installer's advertised version).
  • Follow the vendor advisory and obtain the current Factory Control Panel version referenced as the replacement for XAMPP on MES PCs.
  • Use the official Festo support contact named in the advisory to confirm the applicable fixed release and upgrade path.
  • Restrict and review high-privilege network access to the affected service paths, since the source says exploitation requires high privileges and network access.
  • Monitor for repeatable crashes, hangs, or unexpected data modification symptoms on affected systems.
  • Track the CISA and vendor advisory references for any scope clarifications or updated remediation guidance.
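The first and fourth actions above (check the installed version against the advisory's ranges, and find the high-privilege accounts reachable over the network) can be scripted. The following is an added example and is not code from the PatchSiren page, Festo, Oracle, or CISA. The affected ranges are taken from the advisory text on this page; the version strings and the mysql.user-shaped rows are constructed sample input. SUPER is used here as a proxy for "high privileges" because the advisory does not say which privilege the attack needs, so treat that choice as an assumption and widen it for your environment.

```python
"""Offline checks for the two advisory-derived questions: is the MySQL build
in an affected range, and which high-privilege accounts are reachable over
the network?  Added example; not the page's or any vendor's code."""
import re
from typing import Iterable, List, Optional, Tuple

# Inclusive affected ranges as quoted in the advisory text on this page.
AFFECTED_RANGES = (
    ((0, 0, 0), (5, 7, 29)),   # "5.7.29 and prior"
    ((8, 0, 0), (8, 0, 19)),   # "8.0.19 and prior" within the 8.0 line
)

_TRIPLE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_mysql_version(version: str) -> Tuple[Optional[Tuple[int, int, int]], str]:
    """Extract (major, minor, patch) from SELECT VERSION(), 'mysqld --version'
    or 'mysql --version' output.  Returns (None, reason) for strings that do
    not parse or that identify a MariaDB build, to which Oracle's ranges do
    not apply."""
    text = version.strip()
    # 'mysql  Ver 14.14 Distrib 5.7.29, ...': the server-compatible version
    # follows 'Distrib'; 'Ver' there is the client library version.
    m = re.search(r"Distrib\s+([\d.]+)", text) or re.search(r"Ver\s+(\S+)", text)
    candidate = m.group(1) if m else text
    m = _TRIPLE_RE.match(candidate.rstrip(","))
    if not m:
        return None, f"unparseable version string: {version!r}"
    if "mariadb" in text.lower():
        return None, "MariaDB build; Oracle MySQL ranges do not apply"
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def is_affected(version: str) -> Tuple[bool, str]:
    """True when the upstream version falls inside a listed affected range.
    Distribution builds (e.g. '5.7.29-0ubuntu...') are judged by their
    upstream number; a distro may have backported a fix, so confirm with
    the distributor's advisory before closing the finding."""
    triple, note = parse_mysql_version(version)
    if triple is None:
        return False, note
    label = ".".join(map(str, triple))
    for low, high in AFFECTED_RANGES:
        if low <= triple <= high:
            return True, f"{label} is within affected range (<= {'.'.join(map(str, high))})"
    return False, f"{label} is outside the affected ranges"


LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed rows shaped like a projection of mysql.user (User, Host, Super_priv).
SAMPLE_USER_ROWS = [
    {"User": "root", "Host": "localhost", "Super_priv": "Y"},
    {"User": "mes_admin", "Host": "%", "Super_priv": "Y"},
    {"User": "mes_app", "Host": "10.0.%", "Super_priv": "N"},
    {"User": "backup", "Host": "10.0.0.5", "Super_priv": "Y"},
]


def network_reachable_superusers(rows: Iterable[dict]) -> List[str]:
    """Accounts holding SUPER (assumed proxy for 'high privileges') whose Host
    pattern allows login from somewhere other than the local machine."""
    return sorted(
        f"{r['User']}@{r['Host']}"
        for r in rows
        if r.get("Super_priv") == "Y" and r["Host"] not in LOCAL_HOSTS
    )


if __name__ == "__main__":
    # Constructed sample inputs covering the common output shapes.
    for v in ("8.0.19-log", "8.0.20", "5.7.29-0ubuntu0.18.04.1",
              "10.5.8-MariaDB-1:10.5.8+maria~focal",
              "mysqld  Ver 8.0.19 for Linux on x86_64 (MySQL Community Server - GPL)"):
        print(f"{v!r}: {is_affected(v)}")
    print("network-reachable SUPER accounts:", network_reachable_superusers(SAMPLE_USER_ROWS))
```

Feed the functions the real output of SELECT VERSION() and of SELECT User, Host, Super_priv FROM mysql.user; the MariaDB branch matters on MES PCs because XAMPP-style bundles are not always Oracle builds, and a MariaDB or other fork needs its own vendor's advisory rather than this one.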

Evidence notes

The source item is a CISA CSAF republication of a Festo Didactic SE advisory. The vulnerability description in the corpus explicitly references Oracle MySQL Server/InnoDB and affected versions 5.7.29 and prior and 8.0.19 and prior. The remediation section states that Festo Didactic has released Factory Control Panel as a replacement for XAMPP on its MES PCs and directs customers to technical support for the current version. The record was initially published on 2024-02-27 and later republished by CISA on 2026-01-27; these are the dates of the Festo/CISA advisory record, not of Oracle's original disclosure, which the CVE identifier's 2020 year places in 2020. No KEV enrichment is present in the supplied data.

Official resources

The supplied record dates public disclosure of this advisory to 2024-02-27, with a later CISA republication on 2026-01-27. The source advisory does not mark this CVE as a KEV item.