PatchSiren cyber security CVE debrief
CVE-2021-2022 Festo Didactic SE CVE debrief
CVE-2021-2022 is publicly documented in the supplied CISA/Festo advisory context as a MySQL Server InnoDB issue that can let a highly privileged network attacker trigger a hang or repeatable crash, resulting in denial of service. The advisory context is Festo Didactic SE MES PC, and the supplied remediation points customers to a replacement Factory Control Panel release that includes fixes.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC owners and operators, OT/ICS administrators, and IT teams responsible for the bundled MySQL/XAMPP environment or any system where high-privilege network access is available.
Technical summary
The supplied advisory text describes a vulnerability in Oracle MySQL Server, component InnoDB, affecting versions 5.6.50 and prior, 5.7.32 and prior, and 8.0.22 and prior. Exploitation is described as difficult and requires a high-privileged attacker with network access via multiple protocols. Successful attacks can cause a hang or frequently repeatable crash of MySQL Server, producing a complete denial of service. The remediation guidance in the Festo advisory states that Factory Control Panel replaces XAMPP on MES PCs and includes fixes for these vulnerabilities.
Defensive priority
Medium. The impact is denial of service rather than code execution, and the source rates exploitability as difficult, but the affected systems appear to be industrial/operational assets where service interruption may still be important.
Recommended defensive actions
- Inventory MES PC deployments and confirm whether the affected MySQL/InnoDB versions or bundled components are present.
- Contact Festo technical support at [email protected] to obtain the current Factory Control Panel version referenced in the advisory.
- Plan and test the replacement in a maintenance window; the supplied remediation indicates a restart is required for the vulnerable component.
- Limit network access to affected systems, restricting high-privilege administrative paths and permitting only the protocols that are operationally necessary.
- Monitor for MySQL service hangs, repeated crashes, and related logs so that any denial-of-service condition can be detected and triaged quickly.
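To support the inventory step, here is an added example (not code from the Festo or CISA advisory) that classifies collected MySQL version strings against the three affected ranges the advisory names; the hostnames and version strings in the sample inventory are constructed.

```python
"""Added example: check whether a MySQL Server version string falls inside
the ranges named for CVE-2021-2022: 5.6.50 and prior, 5.7.32 and prior,
8.0.22 and prior. Not part of the Festo/CISA advisory."""
import re

# Highest affected patch level per release branch, per the advisory text.
AFFECTED_CEILINGS = {
    (5, 6): 50,
    (5, 7): 32,
    (8, 0): 22,
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Pull major.minor.patch out of 'mysql --version' output such as
    'mysql  Ver 8.0.22 for Win64' or SELECT VERSION() output like '5.7.31-log'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no three-part version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(text: str) -> bool:
    """True when the version is on an advisory-listed branch at or below the
    last affected patch level. Branches the advisory does not name return
    False here and must be checked against their own vendor guidance."""
    major, minor, patch = parse_version(text)
    ceiling = AFFECTED_CEILINGS.get((major, minor))
    return ceiling is not None and patch <= ceiling


def triage(inventory: dict) -> dict:
    """Map hostname -> affected flag for an inventory of version strings."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and strings are made up.
    sample = {
        "mes-pc-01": "mysql  Ver 8.0.22 for Win64 on x86_64 (MySQL Community Server - GPL)",
        "mes-pc-02": "mysql  Ver 8.0.23 for Win64 on x86_64 (MySQL Community Server - GPL)",
        "mes-pc-03": "5.7.31-log",
        "mes-pc-04": "mysql  Ver 15.1 Distrib 10.4.28-MariaDB, for Win64 (AMD64)",
    }
    for host, flag in triage(sample).items():
        print(f"{host}: {'AFFECTED' if flag else 'not in advisory range'}")
```

A version outside the listed branches is reported as not in range, not as safe; it still needs its own vendor check.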
Evidence notes
The supplied source is a CISA CSAF advisory republished from Festo context, published 2024-02-27 and modified/revised through 2026-01-27. It identifies CVE-2021-2022 in the MES PC advisory context and cites the vulnerability description, affected version ranges, and Festo remediation guidance. The remediation entry states that Factory Control Panel was released as a replacement for XAMPP on MES PCs and includes fixes. No KEV date or ransomware campaign data is present in the supplied corpus.
Official resources
- CVE-2021-2022 CVE record (CVE.org)
- CVE-2021-2022 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed through vendor and CISA advisory channels; the supplied corpus does not indicate a KEV listing or known ransomware use.