PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-2144 Festo Didactic SE CVE debrief

CVE-2021-2144 is a high-severity Oracle MySQL Server vulnerability called out in the supplied Festo Didactic SE MES PC advisory context. The advisory describes a network-reachable issue in the MySQL Server parser component, notes that exploitation is easy for a high-privileged attacker using multiple protocols, and states that successful attacks can lead to takeover of MySQL Server. For MES PC deployments, the supplied remediation points to Factory Control Panel as the replacement for XAMPP and says the current version includes fixes.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Festo MES PC operators, OT/ICS administrators, Oracle MySQL administrators, and security teams responsible for remotely reachable database services should prioritize this advisory if affected versions are present. Systems exposing the vulnerable MySQL Server component, especially where high-privileged access is available, deserve the fastest review.

Technical summary

The supplied record identifies CVE-2021-2144 as a parser-related vulnerability in Oracle MySQL Server. Affected versions are 5.7.29 and prior, and 8.0.19 and prior. The vulnerability is network accessible via multiple protocols and requires a high-privileged attacker, with impact described as takeover of MySQL Server and CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (7.2 High).

Defensive priority

High for exposed or still-supported deployments; the attack requires high privileges, but the impact is severe and the advisory recommends replacement/fix action rather than deferral.

Recommended defensive actions

  • Verify whether the MES PC deployment includes the affected Oracle MySQL Server versions identified in the advisory.
  • Migrate to the current Factory Control Panel version referenced in the remediation, which is described as including fixes.
  • Remove or restrict unnecessary network access to the MySQL service and limit protocol exposure to only what is required.
  • Review who has high-privilege access to the affected system and reduce privileged access paths where possible.
  • Use the CISA ICS advisory and vendor references to confirm your exact product/version mapping before making changes.
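The first action above, checking whether a deployment runs an affected MySQL Server build, is the one that can be automated across an inventory. The following added example (not code from the advisory, PatchSiren, Festo or Oracle) parses the version strings MySQL reports through SELECT VERSION() or mysqld --version and compares them against the two ranges the record lists, 5.7.29 and prior and 8.0.19 and prior. The sample inventory is constructed, the hostnames are placeholders, and the handling of other branches and of MariaDB builds is an assumption stated in the comments.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges for CVE-2021-2144 as listed in the record:
# (major, minor) branch -> highest affected patch level.
AFFECTED_CEILINGS = {(5, 7): 29, (8, 0): 19}

# First dotted triple anywhere in the string covers both "5.7.28-log" and
# "mysqld  Ver 8.0.19 for Linux on x86_64 (MySQL Community Server - GPL)".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(raw: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a MySQL version string."""
    match = _VERSION_RE.search(raw)
    if not match:
        raise ValueError(f"no version triple found in {raw!r}")
    return tuple(int(g) for g in match.groups())  # type: ignore[return-value]


def triage(raw: str) -> Tuple[str, str]:
    """Classify one version string against the advisory's affected ranges.

    Returns (status, detail) with status in:
      affected, not-affected, not-applicable, unknown
    """
    # Assumption: MariaDB is a separate code base, so its builds are not
    # "Oracle MySQL Server" and must be checked against MariaDB's own advisories.
    if "mariadb" in raw.lower():
        return "not-applicable", "MariaDB build; not Oracle MySQL Server"
    try:
        major, minor, patch = parse_mysql_version(raw)
    except ValueError as exc:
        return "unknown", str(exc)
    ceiling = AFFECTED_CEILINGS.get((major, minor))
    if ceiling is None:
        # Assumption: branches the record does not list are reported for
        # manual review rather than silently treated as safe.
        return "unknown", f"branch {major}.{minor} not covered by the listed ranges"
    if patch <= ceiling:
        return "affected", f"{major}.{minor}.{patch} <= {major}.{minor}.{ceiling}"
    return "not-affected", f"{major}.{minor}.{patch} > {major}.{minor}.{ceiling}"


def triage_inventory(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by triage status so affected systems can be reviewed first."""
    grouped: Dict[str, List[str]] = {}
    for host, version in inventory:
        status, detail = triage(version)
        grouped.setdefault(status, []).append(f"{host}: {detail}")
    return grouped


if __name__ == "__main__":
    # Constructed sample inventory with placeholder hostnames.
    sample = [
        ("mes-pc-01.example", "5.7.28-log"),
        ("mes-pc-02.example", "mysqld  Ver 8.0.19 for Linux on x86_64 (MySQL Community Server - GPL)"),
        ("mes-pc-03.example", "8.0.20"),
        ("mes-pc-04.example", "10.4.12-MariaDB"),
        ("mes-pc-05.example", "version unavailable"),
    ]
    for status, hosts in sorted(triage_inventory(sample).items()):
        print(status)
        for line in hosts:
            print("  " + line)
```

Feed it the version strings collected by whatever inventory tooling is already in place; anything that lands in the "unknown" bucket still needs the manual product/version confirmation the last action above calls for.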

Evidence notes

The supplied CISA CSAF source item (ICSA-26-027-02) provides the vulnerability description, affected versions, CVSS vector, and remediation note for Festo Didactic SE MES PC. The remediation states that Factory Control Panel replaces XAMPP on MES PCs and includes fixes for these vulnerabilities. The CVE.org record is the canonical CVE reference. Supplied enrichment shows no Known Exploited Vulnerabilities (KEV) entry.

Official resources

CVE/public advisory timing is based on the supplied dates: initial publication on 2024-02-27 and CISA republication on 2026-01-27. No KEV date was supplied, and the enrichment indicates this is not a known exploited vulnerability in the supplied