PatchSiren cyber security CVE debrief
CVE-2021-2372 Festo Didactic SE CVE debrief
CVE-2021-2372 is a medium-severity availability issue that can cause a hang or repeatable crash of MySQL Server. In the source advisory, CISA maps the issue to Festo Didactic SE MES PC and notes that Festo replaced XAMPP with Factory Control Panel as the fix path for affected systems. Because exploitation requires a high-privileged attacker with network access, the main risk is operational downtime rather than data compromise.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo MES PC operators, OT/ICS administrators, and responders responsible for systems where the affected MySQL/InnoDB component is deployed or reachable over the network. Prioritize environments where privileged remote access is common or where a MySQL service crash would interrupt production or training operations.
Technical summary
The supplied CVE description says Oracle MySQL Server's InnoDB component is affected in versions 5.7.34 and prior and 8.0.25 and prior. The attack requires a high-privileged network attacker and can be triggered via multiple protocols, with impact limited to unauthorized hang or repeatable crash (complete DoS) of the MySQL Server. The CISA CSAF record associates the CVE with Festo Didactic SE MES PC and references a vendor remediation to replace XAMPP with Factory Control Panel.
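As an added example (not code from the CISA or Festo advisory), the following Python triages `SELECT VERSION()` output against the two ranges quoted above. Host names and version strings are constructed; routing MariaDB builds and other branches to a "review" status rather than auto-clearing them is an assumption made here, because the CVE text names Oracle MySQL Server only.

```python
"""Triage MySQL version strings against the ranges quoted in this debrief.

Added example, not code from the CISA or Festo advisory. The affected ranges
come from the CVE text: Oracle MySQL Server 5.7.34 and prior, 8.0.25 and prior.
Host names and version strings below are constructed.
"""
import re

# (major, minor) branch -> last affected patch level, from the CVE text
AFFECTED_BRANCHES = {(5, 7): 34, (8, 0): 25}

# SELECT VERSION() returns strings like '8.0.25-0ubuntu0.20.04.1' or
# '5.7.34-log'; only the leading numeric triplet matters here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) or None when no numeric triplet leads."""
    m = _VERSION_RE.match(version_string.strip())
    if m is None:
        return None
    return tuple(int(x) for x in m.groups())


def classify_version(version_string):
    """Classify one server as 'affected', 'fixed', 'review' or 'unknown'.

    'review' is an assumption made by this example: the CVE text names Oracle
    MySQL Server only, so MariaDB builds (some XAMPP bundles ship MariaDB) and
    branches other than 5.7/8.0 are routed to a human rather than auto-cleared.
    """
    if "mariadb" in version_string.lower():
        return "review", "MariaDB build; CVE ranges cover Oracle MySQL Server only"
    v = parse_version(version_string)
    if v is None:
        return "unknown", f"unparseable version string {version_string!r}"
    major, minor, patch = v
    last_bad = AFFECTED_BRANCHES.get((major, minor))
    if last_bad is None:
        return "review", f"{major}.{minor} branch not named in the CVE text"
    if patch <= last_bad:
        return "affected", f"{major}.{minor}.{patch} <= {major}.{minor}.{last_bad}"
    return "fixed", f"{major}.{minor}.{patch} > {major}.{minor}.{last_bad}"


def triage_inventory(inventory):
    """Return {host: (status, reason)} for an iterable of (host, version)."""
    return {host: classify_version(version) for host, version in inventory}


def affected_hosts(inventory):
    """Hosts that need the vendor remediation path, in inventory order."""
    return [h for h, (s, _) in triage_inventory(inventory).items() if s == "affected"]


# Constructed inventory, e.g. gathered with: mysql -h HOST -N -e "SELECT VERSION()"
SAMPLE_INVENTORY = [
    ("mes-pc-01", "5.7.34-log"),
    ("mes-pc-02", "8.0.25-0ubuntu0.20.04.1"),
    ("mes-pc-03", "8.0.26"),
    ("mes-pc-04", "10.4.21-MariaDB"),
    ("mes-pc-05", "not a version"),
]

if __name__ == "__main__":
    for host, (status, reason) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:9} {reason}")
```

The parser deliberately ignores distribution suffixes, since a vendor-packaged "8.0.25-0ubuntu0.20.04.1" is still 8.0.25 as far as the CVE's ranges are concerned; anything that does not start with three numbers is reported rather than silently skipped.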
Defensive priority
Medium. The issue is network-reachable and can fully disrupt service, but it requires high privileges and is described as difficult to exploit; the 4.4 score reflects exactly that mix (network attack vector, high attack complexity, high privileges required, availability-only impact). Treat it as a priority for production MES PCs or any environment where MySQL downtime would have operational impact.
Recommended defensive actions
- Confirm whether affected MES PC deployments include the vulnerable MySQL/InnoDB component or a bundled service exposed to trusted networks.
- Apply the vendor remediation path referenced in the advisory: move to the current Factory Control Panel release obtained through Festo support.
- Restrict network access to MySQL and administrative interfaces to only necessary hosts and operators, and avoid exposing them broadly across site networks.
- Review privileged account use and reduce unnecessary high-privilege remote access that could satisfy the attack preconditions.
- Monitor MES PC hosts for MySQL hangs, repeated crashes, or unexpected service restarts, and validate recovery procedures and backups.
- Track the CISA/Festo advisory set for updates, but note that no KEV listing is present in the supplied record.
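Two of the actions above, the privileged-access review and the crash monitoring, can be scripted. The Python below is an added example (not vendor or CISA code): `audit_privileged_accounts()` flags accounts that meet the CVE's precondition (high privilege) and are reachable from broad host patterns, and `find_restart_bursts()` scans MySQL error log lines for repeated server starts, which is how a "repeatable crash" shows up on the host. Account rows and log lines are constructed; the log lines mirror the MySQL 8.0 error log layout but the timestamps and PIDs are invented, and the choice of SUPER or ALL PRIVILEGES as the "high-privileged" bar is an assumption.

```python
"""Two checks behind the actions above (added example, not vendor or CISA code).

audit_privileged_accounts() flags accounts that meet the CVE's precondition
(high privilege) and are reachable from broad host patterns, i.e. the accounts
whose compromise would let a *network* attacker trigger the DoS.
find_restart_bursts() scans MySQL error log lines for repeated server starts,
which is how a "repeatable crash" shows up on the host.

Account rows and log lines are constructed. The log lines mirror the MySQL 8.0
error log layout; timestamps and PIDs are invented.
"""
import re
from datetime import datetime, timedelta

# Assumption: SUPER or ALL PRIVILEGES is the bar for "high-privileged".
# Tailor this to your grant model (e.g. add dynamic privileges you treat as equivalent).
HIGH_PRIVS = {"SUPER", "ALL PRIVILEGES"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def is_broad_host(host):
    """True for MySQL host patterns that admit many source addresses:
    a '%' wildcard or a netmask form such as '10.20.0.0/255.255.0.0'."""
    return "%" in host or "/" in host


def audit_privileged_accounts(rows):
    """rows: iterable of (user, host, privileges) as collected from mysql.user
    or SHOW GRANTS. Returns [(user, host, matching_privs)] to review."""
    findings = []
    for user, host, privs in rows:
        if host in LOCAL_HOSTS:
            continue  # local-only accounts give no network foothold
        hit = sorted(set(privs) & HIGH_PRIVS)
        if hit and is_broad_host(host):
            findings.append((user, host, hit))
    return findings


# Matches the start-up line the server writes on every (re)start.
_START_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z .*starting as process (\d+)"
)


def find_restart_bursts(lines, window=timedelta(minutes=10), threshold=3):
    """Return [(first_start, last_start, count)] for every run of at least
    `threshold` server starts inside `window`; a single planned restart does
    not trigger, a crash loop does."""
    starts = []
    for line in lines:
        m = _START_RE.match(line)
        if m:
            starts.append(datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"))
    starts.sort()
    bursts, i = [], 0
    while i < len(starts):
        j = i
        while j + 1 < len(starts) and starts[j + 1] - starts[i] <= window:
            j += 1
        count = j - i + 1
        if count >= threshold:
            bursts.append((starts[i], starts[j], count))
            i = j + 1
        else:
            i += 1
    return bursts


# Constructed grant inventory
SAMPLE_ACCOUNTS = [
    ("root", "localhost", {"ALL PRIVILEGES"}),
    ("mes_admin", "%", {"ALL PRIVILEGES"}),
    ("mes_app", "10.20.%", {"SELECT", "INSERT", "UPDATE"}),
    ("backup", "10.20.30.5", {"SUPER", "SELECT"}),
    ("ops", "10.20.%", {"SUPER"}),
]

# Constructed error log excerpt: one planned start, then three starts in five minutes
SAMPLE_LOG = """\
2024-03-01T08:00:01.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.25) starting as process 1201
2024-03-01T08:00:02.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections.
2024-03-01T09:14:15.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.25) starting as process 1340
2024-03-01T09:16:40.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.25) starting as process 1355
2024-03-01T09:19:05.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.25) starting as process 1370
"""

if __name__ == "__main__":
    for user, host, privs in audit_privileged_accounts(SAMPLE_ACCOUNTS):
        print(f"review: '{user}'@'{host}' holds {privs}")
    for first, last, n in find_restart_bursts(SAMPLE_LOG.splitlines()):
        print(f"{n} server starts between {first} and {last}: possible crash loop")
```

The account check skips local-only principals because the CVE needs network access, and it does not flag a privileged account bound to a single address (the `backup` row): that account still deserves review, but it does not widen the attack surface the way a `%` host does. The restart detector keys on the server's own start-up line rather than on a specific crash message, so it also catches crashes whose diagnostic text never reached the log.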
Evidence notes
The source corpus ties CVE-2021-2372 to a Festo Didactic SE MES PC advisory (ICSA-26-027-02) while the CVE description itself identifies the vulnerable software as Oracle MySQL Server, InnoDB component. The supplied text explicitly states: affected versions are 5.7.34 and prior and 8.0.25 and prior; exploitation requires a high-privileged attacker with network access via multiple protocols; and successful attacks can cause a hang or repeatedly reproducible crash resulting in complete denial of service. The CISA CSAF metadata also includes a remediation note that Festo released Factory Control Panel as a replacement for XAMPP on MES PCs and that the current version includes fixes. No exploit details or KEV listing are present in the provided material.
Official resources
- CVE-2021-2372 CVE record (CVE.org)
- CVE-2021-2372 NVD detail (NVD)
- Source item URL (cisa_csaf)
The supplied record shows CVE-2021-2372 published on 2024-02-27 and modified on 2026-01-27. In the same source set, the vendor remediation date is 2023-05-26. No Known Exploited Vulnerabilities (KEV) entry is present in the provided data.