PatchSiren cyber security CVE debrief
CVE-2021-2180 Festo Didactic SE CVE debrief
CVE-2021-2180 is described in the supplied record as a network-reachable MySQL Server/InnoDB issue that can let a high-privilege attacker trigger a hang or repeatable crash, resulting in complete denial of service. The same CISA CSAF source also associates the CVE with Festo Didactic SE MES PC and recommends replacing XAMPP with Factory Control Panel as the vendor fix path. Because the source description and product attribution do not fully line up, treat the advisory as high-value for validation and remediation tracking rather than assuming a single, straightforward product mapping.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 4.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators and maintainers of Festo Didactic SE MES PC, industrial/OT asset owners that rely on the affected advisory, and defenders responsible for MySQL-based components or bundled runtime stacks exposed to network access with elevated privileges.
Technical summary
The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating network access, low attack complexity, no user interaction, and high privileges are required. The impact described is availability-only: successful exploitation can cause a hang or frequently repeatable crash of MySQL Server (complete DoS). The CISA CSAF entry ties this CVE to Festo Didactic SE MES PC and states the remediation is to obtain Factory Control Panel from Festo technical support as a replacement for XAMPP on MES PCs.
Defensive priority
Medium. The issue is availability-focused, but the ability to cause repeated crashes in an OT-adjacent product can still create operational disruption. Prioritize if the affected MES PC stack is internet-reachable, remotely administered, or critical to production or training workflows.
Recommended defensive actions
- Verify whether any Festo Didactic SE MES PC deployments are using the affected software stack referenced in the advisory.
- Apply the vendor remediation path cited in the source: obtain the current Factory Control Panel version from Festo technical support.
- Restrict network access to MySQL and related service ports to only trusted administration and application hosts.
- Limit high-privilege remote access and review whether service accounts truly need elevated privileges.
- Monitor for repeated service crashes, hangs, or restart loops affecting MES PC environments.
- Use the linked CISA advisory and vendor references to confirm the exact affected asset versioning before scheduling changes.
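One way to act on the monitoring item above, as an added example that is not Festo's, CISA's or MySQL's own code: a small detector that flags restart loops (repeated server starts inside a short window) in MySQL 8-style error-log lines. The sample lines are constructed here in that log layout; the threshold and window are assumptions to tune per site.

```python
"""Flag mysqld restart loops in MySQL 8-style error-log lines (added example)."""
import re
from datetime import datetime, timedelta

# MySQL 8 logs a fresh server start as "... starting as process <pid>".
START_RE = re.compile(r"^(\S+)\s+\d+\s+\[System\].*\bstarting as process (\d+)")

# Constructed sample: one normal start at 08:00, then four starts within six minutes.
SAMPLE_LOG = """\
2024-03-01T08:00:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.36) starting as process 1201
2024-03-01T10:00:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.36) starting as process 1488
2024-03-01T10:01:55.000000Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.36)
2024-03-01T10:02:10.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.36) starting as process 1502
2024-03-01T10:04:30.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.36) starting as process 1517
2024-03-01T10:05:15.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.36) starting as process 1533
""".splitlines()


def parse_starts(lines):
    """Return (timestamp, pid) for every server-start line, in log order."""
    starts = []
    for line in lines:
        m = START_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
            starts.append((ts, int(m.group(2))))
    return starts


def restart_loops(lines, threshold=3, window=timedelta(minutes=10)):
    """Return (first_start, last_start, count) for each non-overlapping run of
    at least `threshold` server starts whose timestamps all fall within `window`."""
    starts = parse_starts(lines)
    alerts = []
    i = 0
    while i < len(starts):
        first_ts = starts[i][0]
        j = i
        while j + 1 < len(starts) and starts[j + 1][0] - first_ts <= window:
            j += 1
        count = j - i + 1
        if count >= threshold:
            alerts.append((first_ts, starts[j][0], count))
            i = j + 1  # do not re-report starts already covered by this alert
        else:
            i += 1
    return alerts


if __name__ == "__main__":
    for first, last, n in restart_loops(SAMPLE_LOG):
        print(f"restart loop: {n} mysqld starts between {first} and {last}")
```

Point the script at the MES PC's mysqld error log (or forward the log to your SIEM and port the same window logic there); a single start after a planned maintenance restart does not trip the threshold.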
Evidence notes
CVE timing in this debrief uses the supplied publishedAt value of 2024-02-27. The source item’s revision history shows later updates, including a 2026-01-27 republication. The advisory description states the vulnerability affects MySQL Server/InnoDB and can produce a complete DoS, while the CSAF metadata links the CVE to Festo Didactic SE MES PC and a remediation of replacing XAMPP with Factory Control Panel. That product-description pairing should be validated against the vendor advisory before broad operational assumptions are made.
Official resources
- CVE-2021-2180 CVE record (CVE.org)
- CVE-2021-2180 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied CISA CSAF source on 2024-02-27, with a later source republication recorded on 2026-01-27.