PatchSiren cyber security CVE debrief
CVE-2021-2166 Festo Didactic SE CVE debrief
CVE-2021-2166 is a denial-of-service issue in MySQL Server that, in the supplied CISA CSAF advisory, is mapped to Festo Didactic SE MES PC. A high-privileged attacker with network access can trigger a hang or repeatable crash, which can interrupt service availability. The supplier remediation points MES PC users to a current Factory Control Panel release that replaces XAMPP.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 4.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC operators, OT/plant administrators, and support teams responsible for systems that include the affected MySQL/XAMPP-based component stack, especially where high-privileged network access exists.
Technical summary
The supplied advisory describes CVE-2021-2166 as a MySQL Server vulnerability in the Server:DML component affecting Oracle MySQL 5.7.33 and earlier and 8.0.23 and earlier. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable issue that requires high privileges and impacts availability only. In the CISA republished CSAF, the affected vendor/product mapping is Festo Didactic SE MES PC, and the remediation notes direct customers to Factory Control Panel as a replacement for XAMPP.
Defensive priority
Medium. The issue does not indicate data theft or code execution, but it can repeatedly crash or hang the server. Prioritize faster if the MES PC is operationally critical or if privileged network access is broadly available.
Recommended defensive actions
- Confirm whether your MES PC deployment uses the affected component stack and whether the current Factory Control Panel release is installed.
- Contact Festo technical support at [email protected] to obtain the current Factory Control Panel version referenced in the advisory.
- Limit network exposure to the affected service and restrict privileged accounts to the smallest necessary set, following defense-in-depth and ICS recommended practices.
- Plan for service interruption: validate recovery procedures, backups, and restart procedures for any MES PC system where a crash would disrupt operations.
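As a worked version of the first action above (confirming whether the affected component stack is present), the following added example (not Festo's or Oracle's tooling) extracts a MySQL version from a server banner and compares it with the two ranges the advisory names, 5.7.33 and earlier on the 5.7 branch and 8.0.23 and earlier on the 8.0 branch. The banner strings are constructed for illustration; the reading of "and prior" as branch-scoped is an assumption stated in the code.

```python
import re

# Affected ranges as stated in the advisory: each listed branch up to and
# including the named patch level. Assumption: "5.7.33 and prior" refers to the
# 5.7 branch and "8.0.23 and prior" to the 8.0 branch; other branches are
# reported as not covered rather than guessed at.
AFFECTED_BRANCHES = {(5, 7): 33, (8, 0): 23}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed sample banners of the kind returned by `mysqld --version` or
# `SELECT VERSION()`; they are illustrative, not captured from a real system.
SAMPLE_BANNERS = [
    "mysqld  Ver 8.0.23 for Linux on x86_64 (MySQL Community Server - GPL)",
    "mysqld  Ver 5.7.33-0ubuntu0.18.04.1 for Linux on x86_64 ((Ubuntu))",
    "mysqld  Ver 8.0.24 for Win64 on x86_64 (MySQL Community Server - GPL)",
    "mysqld  Ver 8.1.0 for Linux on x86_64 (MySQL Community Server - GPL)",
]


def extract_version(banner):
    """Return the first x.y.z version in a banner as an integer tuple."""
    match = VERSION_RE.search(banner)
    if not match:
        raise ValueError(f"no x.y.z version found in {banner!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True if the version is inside an advisory range, False if it is a later
    release of a listed branch, None if the branch is not named in the advisory."""
    major, minor, patch = version
    last_affected = AFFECTED_BRANCHES.get((major, minor))
    if last_affected is None:
        return None
    return patch <= last_affected


def assess(banner):
    """Combine extraction and range check into one verdict for a banner."""
    version = extract_version(banner)
    verdict = is_affected(version)
    status = {True: "AFFECTED", False: "fixed branch level", None: "branch not in advisory"}[verdict]
    return {"version": ".".join(map(str, version)), "affected": verdict, "status": status}


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        result = assess(banner)
        print(f"{result['version']:>10}  {result['status']}")
```

Treat the result as a screening step only: distribution-packaged builds such as the Ubuntu-style banner above sometimes backport fixes without changing the upstream version number, so a hit should be confirmed against the package changelog or vendor release notes, and a MES PC running the XAMPP bundle should be checked against the Factory Control Panel release Festo references rather than against the MySQL version alone.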
Evidence notes
The source corpus ties CVE-2021-2166 to a MySQL Server DoS condition and also maps it in the CISA CSAF advisory to Festo Didactic SE MES PC. The advisory states that successful attacks can cause a hang or frequently repeatable crash and that affected Oracle MySQL versions are 5.7.33 and prior and 8.0.23 and prior. The remediation entry says Factory Control Panel replaces XAMPP on MES PCs and points customers to Festo technical support for the current version. No KEV entry is present in the supplied data. The CVE published date used here is 2024-02-27; later source republication dates do not change that timing.
Official resources
- CVE-2021-2166 CVE record (CVE.org)
- CVE-2021-2166 NVD detail (NVD)
- Source item URL (cisa_csaf)
This debrief uses the CVE published date of 2024-02-27 from the supplied advisory data. The source was later republished on 2026-01-27, but that republication does not alter the original CVE timing used here. No KEV listing is included in a