PatchSiren cyber security CVE debrief
CVE-2021-21702 Festo Didactic SE CVE debrief
CVE-2021-21702 is a PHP denial-of-service vulnerability that can crash affected PHP processes when the SOAP extension parses malformed XML returned by a malicious SOAP server. In the CISA-republished Festo Didactic SE advisory, the issue is associated with MES PC environments and a replacement Factory Control Panel release. The primary risk is loss of availability, not data theft or code execution.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Organizations running PHP 7.3.x below 7.3.27, 7.4.x below 7.4.15, or 8.0.x below 8.0.2 with the SOAP extension enabled should care, especially if those PHP components are used in Festo Didactic SE MES PC deployments or other internet-reachable or partner-facing integrations. Operations and platform teams responsible for industrial or production-support systems should prioritize this because a crash can interrupt service availability.
Technical summary
The flaw exists in PHP’s SOAP extension: if a SOAP client connects to a malicious or compromised SOAP server that returns malformed XML, PHP may access a null pointer and crash. The supplied advisory describes the impact as a crash, and the CVSS vector reflects a network-reachable availability issue (CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Affected versions listed in the advisory are PHP 7.3.x before 7.3.27, 7.4.x before 7.4.15, and 8.0.x before 8.0.2.
Defensive priority
High for any exposed or operationally critical PHP SOAP deployment; medium otherwise. Because the impact is service crash and the attack requires only network access to a SOAP interaction path, systems that rely on continuous availability should be patched or replaced promptly.
Recommended defensive actions
- Upgrade PHP to a fixed release at or above 7.3.27, 7.4.15, or 8.0.2, depending on your supported branch.
- If you use Festo Didactic SE MES PC systems, follow the vendor remediation guidance and obtain the current Factory Control Panel release from Festo technical support.
- Inventory where the SOAP extension is enabled and identify any services that contact untrusted or externally reachable SOAP endpoints.
- Reduce exposure to untrusted SOAP servers and place network controls around systems that must communicate with them.
- Monitor affected hosts and application logs for unexpected PHP crashes or repeated service restarts until remediation is complete.
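A small triage helper covering the inventory and monitoring steps above, added here as an illustration rather than code from the advisory or the vendor: it classifies a host from its `php -v` / `php -m` output against the fixed releases the advisory lists, and counts abnormal php-fpm worker exits in a log. The php-fpm log format, the module names and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import Counter

# First unaffected release per branch, as listed in the advisory.
FIXED_BY_BRANCH = {"7.3": (7, 3, 27), "7.4": (7, 4, 15), "8.0": (8, 0, 2)}

def parse_php_version(text):
    """Extract MAJOR.MINOR.PATCH from `php -v` output or a bare version string."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no PHP version found in: {text!r}")
    return tuple(int(x) for x in m.groups())

def triage(version_text, loaded_modules):
    """Classify a host: 'vulnerable', 'patched', 'unlisted_branch' or 'soap_disabled'."""
    major, minor, patch = parse_php_version(version_text)
    if "soap" not in {m.strip().lower() for m in loaded_modules}:
        return "soap_disabled"       # extension not loaded: the affected parser is never reached
    fixed = FIXED_BY_BRANCH.get(f"{major}.{minor}")
    if fixed is None:
        return "unlisted_branch"     # branch not in the advisory's affected list; verify separately
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"

# Assumed php-fpm master log shape: "[date] WARNING: [pool www] child N exited on signal 11 (SIGSEGV) ..."
CRASH_LINE = re.compile(r"\[pool (?P<pool>\S+)\] child \d+ exited on signal (?P<sig>\d+)")

def crash_counts(log_lines, fatal_signals=(6, 11)):
    """Count worker exits on SIGABRT/SIGSEGV per pool; repeated exits are the symptom to watch for."""
    counts = Counter()
    for line in log_lines:
        m = CRASH_LINE.search(line)
        if m and int(m.group("sig")) in fatal_signals:
            counts[m.group("pool")] += 1
    return dict(counts)

# Constructed sample log lines, not taken from a real host.
SAMPLE_LOG = [
    "[27-Feb-2024 10:01:02] WARNING: [pool www] child 1234 exited on signal 11 (SIGSEGV) after 12.3 seconds from start",
    "[27-Feb-2024 10:01:02] NOTICE: [pool www] child 1240 started",
    "[27-Feb-2024 10:05:41] WARNING: [pool www] child 1240 exited on signal 11 (SIGSEGV) after 278.9 seconds from start",
    "[27-Feb-2024 10:06:00] WARNING: [pool api] child 77 exited with code 0 after 3600.0 seconds from start",
]

if __name__ == "__main__":
    print(triage("PHP 7.4.14 (cli) (built: Jan 2021)", ["Core", "json", "soap"]))  # vulnerable
    print(crash_counts(SAMPLE_LOG))  # {'www': 2}
```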
Evidence notes
The source corpus states that a malicious SOAP server can return malformed XML causing PHP to access a null pointer and crash, and lists affected PHP versions. The CISA CSAF republished advisory ties the issue to Festo Didactic SE MES PC and states that Factory Control Panel replaced XAMPP on MES PCs, with fixes included in the current version available through vendor support. The record includes no KEV listing and no ransomware-campaign attribution.
Official resources
- CVE-2021-21702 CVE record (CVE.org)
- CVE-2021-21702 NVD detail (NVD)
- Source item: cisa_csaf
Publicly disclosed in the source advisory dated 2024-02-27, with a later CISA republication reflected in the source metadata on 2026-01-27. The vendor remediation date supplied in the corpus is 2023-05-26. No KEV entry is listed in the data.