PatchSiren cyber security CVE debrief
CVE-2020-2780 Festo Didactic SE CVE debrief
The supplied advisory corpus links CVE-2020-2780 to Festo Didactic SE MES PC and describes a network-reachable denial-of-service condition that can let a low-privileged attacker cause a hang or repeatable crash of the MySQL Server component. The advisory notes that supported Oracle MySQL versions at issue were 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. Festo’s stated remediation is to move MES PCs to the replacement Factory Control Panel release that includes fixes.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators and maintainers of Festo Didactic SE MES PC systems, especially environments still relying on the vulnerable bundled MySQL/XAMPP-related component path referenced in the advisory. Asset owners who manage network-accessible industrial, lab, or training systems should prioritize this because availability loss can disrupt operations even without data theft.
Technical summary
The source description characterizes the issue as an easily exploitable denial-of-service vulnerability in Oracle MySQL Server (Server: DML). It requires only low privileges and network access, and the impact is limited to availability: a hang or frequently repeatable crash of the MySQL Server process. The advisory corpus also maps the CVE to Festo Didactic SE MES PC and recommends replacing XAMPP-based MES PC software with Factory Control Panel as the fixed product path.
Defensive priority
Medium-high. CVSS 6.5/Medium reflects availability-only impact, but the attack is network-reachable and low-privilege, so exposed MES PC deployments should treat it as operationally significant.
Recommended defensive actions
- Confirm whether any MES PC installations still use the affected software path described in the advisory corpus.
- Obtain and deploy the current Factory Control Panel version from Festo technical support as the stated vendor fix.
- Inventory network exposure to the MES PC/MySQL service path and restrict access to trusted administrative networks where possible.
- Monitor for repeated MySQL service hangs or crashes on affected hosts and validate service recovery procedures.
- Track the referenced CISA/CERT-VDE advisory and vendor PSIRT pages for any updated remediation guidance.
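To support the first action above (confirming whether an MES PC still runs an affected MySQL build), the following is an added example, not code from the advisory or from Festo: it parses the string returned by MySQL's VERSION() and compares it against the three affected ceilings the advisory names (5.6.47, 5.7.29, 8.0.19). The host names and version strings in the inventory are constructed sample data.

```python
"""Triage MySQL VERSION() strings against the ranges the advisory lists as affected."""
import re

# Highest affected release per branch, as stated in the advisory.
AFFECTED_CEILINGS = {
    (5, 6): (5, 6, 47),
    (5, 7): (5, 7, 29),
    (8, 0): (8, 0, 19),
}


def parse_version(version_string):
    """Return (major, minor, patch) from VERSION() output such as '5.7.28-log'.

    Distribution suffixes ('-log', '-0ubuntu0.20.04.1') are ignored; only the
    leading dotted triple matters for the comparison.
    """
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version_string)
    if not match:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def assess(version_string):
    """Classify a version as 'affected', 'fixed', or 'not covered by advisory'.

    A branch the advisory does not name (for example a MariaDB 10.x build, which
    also answers VERSION()) is reported as not covered rather than silently
    treated as safe, so it still gets a human look.
    """
    major, minor, patch = parse_version(version_string)
    ceiling = AFFECTED_CEILINGS.get((major, minor))
    if ceiling is None:
        return "not covered by advisory"
    return "affected" if (major, minor, patch) <= ceiling else "fixed"


def triage(inventory):
    """Return (host, version, verdict) for every host that is not confirmed fixed."""
    results = [(host, version, assess(version)) for host, version in inventory]
    return [entry for entry in results if entry[2] != "fixed"]


# Constructed sample inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("mes-pc-01", "5.6.47-log"),
    ("mes-pc-02", "5.7.30"),
    ("mes-pc-03", "8.0.19"),
    ("mes-pc-04", "8.0.20-0ubuntu0.20.04.1"),
    ("mes-pc-05", "10.4.11-MariaDB"),
]

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} -> {verdict}")
```

Feed it the output of `SELECT VERSION();` collected from each MES PC; hosts reported as affected are candidates for the Factory Control Panel migration, and hosts reported as not covered need manual confirmation of what database build they actually run.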
Evidence notes
The source corpus explicitly states: (1) the advisory is for Festo Didactic SE MES PC; (2) the vulnerability description is for Oracle MySQL Server, component Server: DML; (3) affected MySQL versions are 5.6.47 and prior, 5.7.29 and prior, and 8.0.19 and prior; (4) the impact is a hang or repeatable crash causing complete DoS; and (5) the vendor remediation is replacement with Factory Control Panel. The corpus does not mark this as a KEV item and does not provide ransomware linkage.
Official resources
- CVE-2020-2780 CVE record (CVE.org)
- CVE-2020-2780 NVD detail (NVD)
- Source item URL (cisa_csaf)
The CVE record in the supplied timeline is published 2024-02-27 and was modified 2026-01-27. The source corpus also shows a later CISA republication on 2026-01-27, but that is not the original issue date.