PatchSiren cyber security CVE debrief

CVE-2021-21704 Festo Didactic SE CVE debrief

CVE-2021-21704 is a PHP Firebird PDO driver flaw that can let a malicious database server trigger crashes in functions such as getAttribute(), execute(), and fetch(). In Festo Didactic SE MES PC deployments that include the affected PHP component, the practical impact is denial of service, with potential memory corruption noted in the advisory.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: MEDIUM 5.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Festo MES PC operators, OT/automation teams, and administrators responsible for PHP-based components that connect to Firebird databases, especially where the database server is not fully trusted or is externally reachable.

Technical summary

The advisory says PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8 are affected when the Firebird PDO driver extension (pdo_firebird) is in use. A malicious or impersonated database server can return invalid response data that the driver does not parse correctly, crashing PDO functions such as getAttribute(), execute(), and fetch(); the result is an application crash and denial of service, and the source also notes possible memory corruption. CISA's supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (5.9, Medium): network-reachable with no privileges or user interaction, but high attack complexity because the attacker must control, or sit in the path to, the database server the PHP application connects to.

Defensive priority

Moderate: prioritize patching and component verification soon, especially for MES PC deployments that use Firebird PDO or depend on database availability.

Recommended defensive actions

  • Inventory MES PC and related systems to confirm whether PHP is present and whether the Firebird PDO driver (pdo_firebird) is loaded; `php -v` and `php -m` on each host answer both questions.
  • Upgrade PHP to a fixed release at or above 7.3.29, 7.4.21, or 8.0.8, depending on the branch in use; note that all three branches have since reached end of life, so a currently supported PHP branch is preferable where the application allows it.
  • Use Festo's Factory Control Panel replacement for XAMPP on MES PCs and obtain the current version through Festo technical support.
  • Restrict and segment database connectivity so the PHP application can only reach known, trusted Firebird servers, and make sure the connection DSN (host, port, database path) is fixed in configuration rather than influenced by user input, so an attacker cannot point the driver at a server they control.
  • Test the update in a maintenance window and verify database functions continue to work normally after remediation.
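The inventory and upgrade steps above, and the version ranges in the technical summary, reduce to one question per host: is the PHP build below the fixed release for its branch, and is pdo_firebird actually loaded? The following script is an added example written for this debrief, not code from PatchSiren, Festo, or the PHP project. It parses the output of `php -v` and `php -m`, compares the version against the advisory's fixed releases, and returns a verdict. The sample outputs embedded at the bottom are constructed; the treatment of branches older than 7.3 (flagged as affected because no fixed release exists for them) and newer than 8.0 (treated as not affected) is an assumption of this script, not a statement from the advisory.

```python
"""Assess a PHP install against CVE-2021-21704 (pdo_firebird crash/DoS).

Added example for this debrief; not PatchSiren, Festo, or PHP project code.
Feed it the text of `php -v` and `php -m` from the host under review, or run
assess_local_host() where php is on PATH.
"""
import re
import subprocess

# Fixed releases per branch, from the advisory; anything below is affected.
FIXED = {(7, 3): (7, 3, 29), (7, 4): (7, 4, 21), (8, 0): (8, 0, 8)}


def parse_php_version(php_v_output: str) -> tuple:
    """Extract (major, minor, patch) from the first 'PHP x.y.z' line of `php -v`."""
    m = re.search(r"^PHP (\d+)\.(\d+)\.(\d+)", php_v_output, re.MULTILINE)
    if not m:
        raise ValueError("could not find a PHP version in output")
    return tuple(int(x) for x in m.groups())


def firebird_pdo_loaded(php_m_output: str) -> bool:
    """`php -m` prints one loaded module per line; the driver appears as pdo_firebird."""
    modules = {line.strip().lower() for line in php_m_output.splitlines()}
    return "pdo_firebird" in modules


def affected_version(version: tuple) -> bool:
    """True if the version is below the fixed release for its branch.

    Assumption (not from the advisory): branches newer than 8.0 were released
    after the fix and are treated as not affected; branches older than 7.3 had
    no fixed release and are flagged as affected.
    """
    major, minor, _ = version
    branch = (major, minor)
    if branch in FIXED:
        return version < FIXED[branch]
    return version < (7, 3, 0)


def assess(php_v_output: str, php_m_output: str) -> str:
    """Combine version and driver signals into a verdict string."""
    vuln_version = affected_version(parse_php_version(php_v_output))
    driver = firebird_pdo_loaded(php_m_output)
    if vuln_version and driver:
        return "VULNERABLE"        # affected PHP and the driver is loaded
    if vuln_version:
        return "PATCH_ADVISED"     # affected PHP, driver not currently loaded
    return "NOT_AFFECTED"


def assess_local_host() -> str:
    """Run the real commands on this host (requires php on PATH)."""
    v = subprocess.run(["php", "-v"], capture_output=True, text=True, check=True).stdout
    m = subprocess.run(["php", "-m"], capture_output=True, text=True, check=True).stdout
    return assess(v, m)


# Constructed sample output, shaped like a XAMPP-era PHP 7.4 build with pdo_firebird.
SAMPLE_PHP_V = "PHP 7.4.20 (cli) (built: Jun  1 2021 12:00:00) ( ZTS Visual C++ 2017 x64 )\n"
SAMPLE_PHP_M = "[PHP Modules]\nCore\npdo_firebird\nPDO\npdo_mysql\n\n[Zend Modules]\n"

if __name__ == "__main__":
    print(assess(SAMPLE_PHP_V, SAMPLE_PHP_M))
```

A host that reports PATCH_ADVISED is not exposed to this bug today, but the same PHP build would become exposed the moment pdo_firebird is enabled, so it still belongs on the upgrade list.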

Evidence notes

The supplied CISA CSAF advisory ICSA-26-027-02 states that invalid response data from a malicious Firebird database server can crash PHP Firebird PDO functions and cause denial of service, with potential memory corruption. The same advisory ties the issue to PHP 7.3/7.4/8.0 fixed versions and recommends Factory Control Panel as the replacement for XAMPP on MES PCs. The supplied enrichment does not list the issue in CISA KEV.

Official resources

CISA published the advisory data for CVE-2021-21704 on 2024-02-27; the source item shows a later CISA republication on 2026-01-27. The supplied enrichment marks the vulnerability as not KEV-listed and does not indicate known ransomware use.