PatchSiren cyber security CVE debrief
CVE-2021-2174 Festo Didactic SE CVE debrief
CVE-2021-2174 is a medium-severity availability issue tied in the source corpus to Festo Didactic MES PC and an upstream Oracle MySQL InnoDB component. The CVE text says a high-privileged attacker with network access via multiple protocols can cause MySQL Server to hang or repeatedly crash, resulting in complete denial of service. Supported Oracle MySQL versions cited as affected are 5.7.33 and prior, and 8.0.23 and prior. In the corpus, Festo states that Factory Control Panel replaced XAMPP on MES PCs and that the current version includes fixes; the vendor remediation date is listed as 2023-05-26.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators and administrators of Festo Didactic MES PC environments, especially systems still using older Factory Control Panel/XAMPP-based deployments or embedded MySQL components, should review exposure. This is most relevant where remote administrative access exists and service availability matters to training or production workflows.
Technical summary
The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H, which matches a network-reachable denial-of-service condition that requires high privileges and no user interaction. The source description does not provide a deeper root-cause analysis beyond the InnoDB component and the resulting hang or frequently repeatable crash. Because confidentiality and integrity impacts are not indicated, the practical risk is service disruption rather than data theft or modification.
Defensive priority
Medium priority. Plan remediation in the normal patch window, but accelerate if the MES PC is remotely administered, highly exposed, or operational downtime would significantly affect training or industrial workflow.
Recommended defensive actions
- Identify MES PCs and confirm whether they still use affected Oracle MySQL versions or older bundled components referenced in the advisory.
- Obtain and deploy the current Factory Control Panel from Festo technical support, as the source remediation notes say it includes fixes for these vulnerabilities.
- Restrict network access to administrative and database services to only trusted management hosts and privileged users.
- Validate service recovery procedures and backups, since the described impact is repeated crash or hang rather than data compromise.
- Monitor affected systems for unusual crashes or restarts and verify that any replacement component is on the vendor-supported version.
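The first action above (confirming whether an MES PC still runs an affected Oracle MySQL build) is easy to get wrong by eyeballing version strings, since the affected ranges are branch-specific (5.7.33 and prior, 8.0.23 and prior). The following is an added example, not code from Festo, Oracle or the advisory: it classifies `SELECT VERSION()` output against those two stated ranges. The hostnames and version strings in the sample inventory are constructed, and treating unlisted branches as needing manual review is an assumption rather than something the CVE text states.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges as stated in the CVE text, keyed by (major, minor) branch
# and mapping to the last affected patch level in that branch.
AFFECTED_UPPER_BOUNDS = {
    (5, 7): (5, 7, 33),
    (8, 0): (8, 0, 23),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_version(raw: str) -> Optional[Tuple[Tuple[int, int, int], str]]:
    """Split a VERSION() string like '5.7.33-log' into ((5, 7, 33), '-log').
    Returns None when the string does not start with a dotted triple."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch)), suffix


def assess(raw: str) -> str:
    """Classify a reported server version against the CVE-2021-2174 ranges.
    'affected' / 'fixed' apply only to the two branches the CVE lists;
    'not_oracle_mysql' covers MariaDB-style suffixes; 'unlisted_branch' is
    an assumption here (flag for manual review); 'unparseable' is bad input."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unparseable"
    version, suffix = parsed
    if "mariadb" in suffix.lower():
        return "not_oracle_mysql"
    bound = AFFECTED_UPPER_BOUNDS.get(version[:2])
    if bound is None:
        return "unlisted_branch"
    return "affected" if version <= bound else "fixed"


# Constructed sample inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY: Dict[str, str] = {
    "mes-pc-01": "5.7.33-log",
    "mes-pc-02": "8.0.23",
    "mes-pc-03": "8.0.34",
    "mes-pc-04": "10.4.17-MariaDB",
    "mes-pc-05": "5.7.44",
}


def hosts_needing_action(inventory: Dict[str, str]) -> List[str]:
    """Hosts that are affected or cannot be cleared without manual review."""
    flagged = ("affected", "unlisted_branch", "unparseable")
    return sorted(h for h, v in inventory.items() if assess(v) in flagged)


if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host}: {ver} -> {assess(ver)}")
    print("needs action:", hosts_needing_action(SAMPLE_INVENTORY))
```

A version string alone does not prove exposure; pair the result with the network-restriction and privilege checks listed above, since the vector requires high privileges and network reachability.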
Evidence notes
The corpus ties CVE-2021-2174 to the CISA-republished Festo Didactic SE MES PC advisory and explicitly states that exploitation requires high privileges and network access, and that it can cause a hang or repeatable crash of MySQL Server. The remediation entry dated 2023-05-26 says Festo released Factory Control Panel as a replacement for XAMPP on MES PCs and that the current version includes fixes. Timing context in the corpus shows the CISA source published on 2024-02-27 and republished on 2026-01-27.
Official resources
- CVE-2021-2174 CVE record (CVE.org)
- CVE-2021-2174 NVD detail (NVD)
- Source item URL: cisa_csaf
CVE published 2024-02-27 and modified 2026-01-27 in the supplied corpus. The source also records a vendor remediation dated 2023-05-26, so fix availability predates the later CISA republication context.