PatchSiren cyber security CVE debrief
CVE-2020-7060 Festo Didactic SE CVE debrief
CVE-2020-7060 is an out-of-bounds read in PHP’s mbstring conversion path, specifically mbfl_filt_conv_big5_wchar, when processing certain multibyte encodings. In the supplied CISA CSAF record, the issue is mapped to Festo Didactic SE MES PC and described as potentially causing information disclosure or a crash.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Administrators and operators of Festo Didactic SE MES PC deployments, especially environments that include bundled PHP/XAMPP components or otherwise rely on the affected mbstring code paths. Security teams responsible for OT or industrial workstation fleets should treat affected hosts as high priority until they are inventoried and remediated.
Technical summary
The advisory describes a memory-safety flaw in PHP 7.2.x below 7.2.27, 7.3.x below 7.3.14, and 7.4.x below 7.4.2. When certain mbstring functions convert multibyte encodings, mbfl_filt_conv_big5_wchar can read past the allocated buffer. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H, which aligns with network-reachable exposure and impact on confidentiality and availability.
Defensive priority
Critical. Prioritize rapid inventory and replacement or upgrade because the supplied vector indicates no privileges and no user interaction are required, while impact includes information disclosure and crash. If MES PC systems support production or lab operations, remediation should be scheduled immediately rather than deferred to routine maintenance.
Recommended defensive actions
- Inventory all Festo Didactic MES PC hosts and identify any bundled PHP/XAMPP components or services that use the affected mbstring code paths.
- Obtain and deploy the current vendor-provided Factory Control Panel from Festo technical support, which the advisory says includes fixes for these vulnerabilities.
- If PHP is managed separately, verify that the installed version is at least the fixed release for its branch (7.2.27, 7.3.14, or 7.4.2), or a later supported release.
- Restrict exposure of affected systems to trusted networks and limit access to only required users and services until remediation is complete.
- Monitor for unexpected crashes or anomalous behavior in services that process multibyte text, and validate remediation against the official CISA and Festo references.
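As an added example (not part of the original debrief or of any Festo or PHP tooling), the following Python helper turns the version check above into something that can be run over an inventory: it parses the first line of `php -v` from each host and classifies the version against the fixed releases the advisory names. Host names and banners are constructed samples.

```python
import re

# Fixed releases per branch, as stated in the advisory text above.
CVE_2020_7060_FIXED = {(7, 2): (7, 2, 27), (7, 3): (7, 3, 14), (7, 4): (7, 4, 2)}

# Matches the leading "PHP X.Y.Z" of a `php -v` banner.
_BANNER_RE = re.compile(r"\bPHP\s+(\d+)\.(\d+)\.(\d+)")
# Matches a bare "X.Y.Z" string (e.g. from a CMDB field).
_BARE_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text):
    """Extract (major, minor, patch) from a `php -v` banner or a bare version string."""
    m = _BANNER_RE.search(text) or _BARE_RE.match(text)
    if not m:
        raise ValueError(f"no PHP version found in: {text!r}")
    return tuple(int(x) for x in m.groups())


def triage_cve_2020_7060(version):
    """Classify a (major, minor, patch) tuple against the advisory's affected ranges.

    Returns 'vulnerable', 'fixed', or 'outside-stated-ranges'. Branches the
    advisory does not name (7.1 and older, 8.x) are reported as such rather
    than assumed safe or affected.
    """
    fixed = CVE_2020_7060_FIXED.get(version[:2])
    if fixed is None:
        return "outside-stated-ranges"
    return "vulnerable" if version < fixed else "fixed"


# Constructed sample inventory: hostname -> first line of `php -v` (not real hosts).
SAMPLE_INVENTORY = {
    "mes-pc-01": "PHP 7.3.12 (cli) (built: Nov 22 2019 10:11:12) ( NTS )",
    "mes-pc-02": "PHP 7.4.2 (cli) (built: Jan 21 2020 08:49:10) ( ZTS )",
    "mes-pc-03": "PHP 7.2.26 (cli) (built: Dec 17 2019 14:20:01) ( NTS )",
    "mes-pc-04": "PHP 8.0.30 (cli) (built: Aug 3 2023 16:40:25) ( NTS )",
}


def triage_inventory(inventory):
    """Map each host to its CVE-2020-7060 status so vulnerable hosts can be prioritized."""
    return {host: triage_cve_2020_7060(parse_php_version(banner))
            for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as outside-stated-ranges still need a separate check against the vendor's current guidance; the script only encodes the three ranges this advisory states.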
Evidence notes
This debrief is based on the supplied CISA CSAF source item ICSA-26-027-02 and its linked official references. The source explicitly states the buffer over-read condition in mbfl_filt_conv_big5_wchar, the affected PHP version ranges, and the vendor remediation path through Factory Control Panel. Timing context uses the supplied CVE publishedAt value of 2024-02-27T12:00:00Z and modifiedAt value of 2026-01-27T16:20:28.099Z; the later republication timestamp is not treated as the original vulnerability date.
Official resources
- CVE-2020-7060 CVE record (CVE.org)
- CVE-2020-7060 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly documented in the CISA CSAF advisory ICSA-26-027-02, with source metadata published on 2024-02-27 and republished on 2026-01-27.