PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-2194 Festo Didactic SE CVE debrief

CVE-2021-2194 is an availability issue described in the supplied corpus as affecting Oracle MySQL Server InnoDB, with a network-accessible high-privilege attack path that can cause a hang or repeatable crash. The advisory context is published under Festo Didactic SE MES PC, and the source remediation points to a Factory Control Panel replacement path that includes fixes.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: MEDIUM 4.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

OT/ICS operators, MES PC administrators, and anyone managing affected MySQL Server instances or privileged access in the Festo advisory context should pay attention, especially where service availability is operationally important.

Technical summary

The supplied advisory text describes a vulnerability in Oracle MySQL Server's InnoDB component affecting 5.7.33 and prior and 8.0.23 and prior. The attack requires network access and high privileges and no user interaction, and it can result in a hang or frequently repeatable crash of the MySQL Server. In the provided CVSS vector and description, the impact is limited to availability (denial of service).

Defensive priority

Medium

Recommended defensive actions

  • Inventory any affected MySQL Server deployments in the MES PC environment and confirm whether versions 5.7.33 or earlier, or 8.0.23 or earlier, are present.
  • Follow the vendor remediation path in the source corpus: obtain the current Factory Control Panel from Festo technical support because it is described as including fixes.
  • Restrict privileged database access to trusted administrative hosts and limit unnecessary network reachability to the service.
  • Enable monitoring for MySQL hangs, crashes, and unexpected restarts so availability problems are detected quickly.
  • Validate backups, recovery procedures, and service restart controls so an availability event does not interrupt operations for long.
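
The inventory step in the first action above can be scripted. The following is an added example, not part of the advisory or any vendor tooling: it classifies version strings as returned by `SELECT VERSION()` against the two ranges stated on this page. The host names and sample inventory are constructed, and strings outside the 5.7 and 8.0 series (or from forks) are flagged for manual review rather than guessed at.

```python
import re

# Highest affected patch level per release series, as stated in the advisory
# text on this page: "5.7.33 and prior and 8.0.23 and prior".
AFFECTED_MAX = {(5, 7): 33, (8, 0): 23}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def classify_mysql_version(version_string):
    """Return 'affected', 'outside-range' or 'review' for a VERSION() string."""
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        return "review"  # unparseable value: needs a human
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if "mariadb" in m.group(4).lower():
        return "review"  # fork: Oracle version ranges do not apply directly
    ceiling = AFFECTED_MAX.get((major, minor))
    if ceiling is None:
        return "review"  # release series not named on this page
    return "affected" if patch <= ceiling else "outside-range"


def triage(inventory):
    """Map {host: version_string} to {status: sorted list of hosts}."""
    result = {"affected": [], "outside-range": [], "review": []}
    for host, version in inventory.items():
        result[classify_mysql_version(version)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hypothetical host names and values).
SAMPLE_INVENTORY = {
    "mes-pc-01": "5.7.33-log",
    "mes-pc-02": "8.0.23",
    "mes-pc-03": "8.0.24-0ubuntu0.20.04.1",
    "mes-pc-04": "5.7.34",
    "mes-pc-05": "5.6.51",
    "mes-pc-06": "10.5.8-MariaDB",
    "mes-pc-07": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "affected" are the ones to take through the vendor remediation path; "review" entries need their version confirmed by hand before they are ruled in or out.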

Evidence notes

This debrief uses only the supplied CISA CSAF source item ICSA-26-027-02, its linked references, and the provided timeline fields. The corpus associates the advisory with Festo Didactic SE MES PC while the vulnerability description itself identifies Oracle MySQL Server InnoDB; the summary above stays within those source statements and does not add unsupported details.

Official resources

Publicly disclosed in the supplied CISA CSAF record on 2024-02-27, with a CISA republication dated 2026-01-27. No CISA KEV entry is present in the provided corpus.