PatchSiren cyber security CVE debrief
CVE-2021-2032 Festo Didactic SE CVE debrief
CVE-2021-2032 is a medium-severity information disclosure issue in Oracle MySQL Server that CISA republished in a Festo Didactic SE MES PC advisory. According to the supplied advisory text, an attacker with low privileges and network access could read a subset of MySQL Server-accessible data. The vendor remediation points to replacing XAMPP with Factory Control Panel for affected MES PCs.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Organizations running Festo Didactic SE MES PC systems, especially where the supported software stack includes Oracle MySQL Server components, should review exposure. Security teams responsible for industrial or lab training environments using these systems should prioritize validation of the vendor replacement guidance and any downstream dependencies on XAMPP or related components.
Technical summary
The advisory text describes a MySQL Server vulnerability in the Information Schema component affecting Oracle MySQL 5.7.32 and earlier, and 8.0.22 and earlier. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) indicates network-reachable exploitation requiring low privileges and resulting in limited confidentiality impact. In the republished Festo advisory, the affected product context is MES PC, and the listed vendor fix is to obtain the current Factory Control Panel version that replaces XAMPP on MES PCs.
Defensive priority
Medium. The issue is network-exploitable and can expose data, but the supplied CVSS score is 4.3 and no integrity or availability impact is indicated in the provided record.
Recommended defensive actions
- Review whether any MES PC deployments still rely on the affected MySQL Server versions identified in the advisory text (5.7.32 and prior; 8.0.22 and prior).
- Obtain the current Factory Control Panel release from Festo technical support as directed in the remediation notes.
- Inventory MES PC installations to confirm whether XAMPP or other bundled components are still present and whether replacement guidance has been applied.
- Restrict network access to administrative and application services so low-privilege remote access is not broadly available.
- Monitor for unauthorized data access attempts affecting MySQL-backed information schema or related management interfaces.
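As an added example for the first action above (not tooling from Festo, Oracle or the advisory): a check that classifies collected MySQL Server version strings against the ranges the advisory lists, 5.7.32 and prior and 8.0.22 and prior. It assumes the version strings were gathered from each MES PC (for instance via `SELECT VERSION()` or `mysqld --version`); the host names and versions in the inventory are constructed.

```python
"""Classify MySQL Server version strings against the affected ranges the
CVE-2021-2032 advisory lists: 5.7.32 and prior, 8.0.22 and prior."""
import re

# Last affected patch level per release branch, taken from the advisory text.
LAST_AFFECTED = {(5, 7): 32, (8, 0): 22}


def parse_version(raw: str) -> tuple:
    """Extract major.minor.patch from strings such as '5.7.32-log' or
    '8.0.22-0ubuntu0.20.04.2'; build and distro suffixes are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", raw)
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {raw!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(raw: str) -> bool:
    """True when the version falls inside an advisory-listed affected range.
    Branches the advisory does not mention (e.g. 5.6) return False, which
    means 'not listed', not 'safe'; such hosts still need a manual decision."""
    major, minor, patch = parse_version(raw)
    limit = LAST_AFFECTED.get((major, minor))
    return limit is not None and patch <= limit


def triage(inventory: dict) -> dict:
    """Split a host -> version inventory into affected, not_listed and
    unparseable buckets so each group can be handled separately."""
    result = {"affected": [], "not_listed": [], "unparseable": []}
    for host, ver in inventory.items():
        try:
            bucket = "affected" if is_affected(ver) else "not_listed"
        except ValueError:
            bucket = "unparseable"
        result[bucket].append(host)
    return result


# Constructed sample inventory: hypothetical host names and version strings.
SAMPLE_INVENTORY = {
    "mes-pc-01": "5.7.32-log",
    "mes-pc-02": "8.0.22-0ubuntu0.20.04.2",
    "mes-pc-03": "8.0.23",
    "mes-pc-04": "5.7.33",
    "mes-pc-05": "5.6.50",
    "mes-pc-06": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```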
Evidence notes
All statements are taken from the supplied CISA CSAF source item and its referenced remediation note. The CVE description explicitly says the vulnerability is in Oracle MySQL Server (Information Schema), affects 5.7.32 and prior and 8.0.22 and prior, and allows unauthorized read access to a subset of accessible data. The source advisory metadata ties the record to Festo Didactic SE MES PC and lists remediation to replace XAMPP with Factory Control Panel. The published date used here is the CVE/source publishedAt value of 2024-02-27; the 2026-01-27 value is a later republication/modified timestamp, not the original issue date.
Official resources
- CVE-2021-2032 CVE record (CVE.org)
- CVE-2021-2032 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA CSAF source item published 2024-02-27 and republished/modified 2026-01-27. The vendor remediation note indicates Factory Control Panel is the replacement for XAMPP on MES PCs, with contact via [email protected] for the current version.