PatchSiren cyber security CVE debrief
CVE-2021-46663 Festo Didactic SE CVE debrief
CVE-2021-46663 is a medium-severity availability issue involving MariaDB through 10.5.13, where certain SELECT statements can trigger a ha_maria::extra crash. In the supplied CISA CSAF advisory, the issue is associated with Festo Didactic SE MES PC and a vendor replacement path through Factory Control Panel for MES PCs.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC operators, OT/lab administrators, and anyone maintaining affected systems that may include the MariaDB component referenced in the advisory.
Technical summary
The supplied advisory describes a local crash condition in MariaDB through 10.5.13: certain SELECT statements can cause ha_maria::extra to crash, producing a denial-of-service impact. The advisory context maps the CVE to Festo Didactic SE MES PC and indicates that Festo released Factory Control Panel as a replacement for XAMPP on MES PCs, with fixes included in the current version obtained through vendor technical support. The CVSS vector in the source is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which aligns with an availability-only impact and local attack requirements.
Defensive priority
Medium — prioritize if you operate Festo MES PCs or other systems using the affected MariaDB component, especially where local users or services can issue database queries.
Recommended defensive actions
- Inventory MES PC deployments and confirm whether the vendor-recommended Factory Control Panel replacement is installed.
- Obtain the current Factory Control Panel version from Festo technical support and apply the vendor fix path described in the advisory.
- Restrict local database access to trusted users and least-privilege accounts.
- Monitor affected systems for unexpected MariaDB or application crashes and validate recovery procedures.
- Track the CISA CSAF advisory and vendor references for any follow-on updates or clarifications.
Evidence notes
The supplied source is the CISA CSAF advisory ICSA-26-027-02, republished from the Festo advisory context, with publishedAt 2024-02-27 and modifiedAt 2026-01-27. The source description states that MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. The remediation entry says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and that the current version includes fixes. The source also provides a CVSS 3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and no KEV or ransomware linkage in the supplied corpus.
Official resources
- CVE-2021-46663 CVE record (CVE.org)
- CVE-2021-46663 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied CISA CSAF source on 2024-02-27 and republished/modified on 2026-01-27. No KEV listing, due date, or ransomware campaign linkage is present in the supplied corpus.