PatchSiren cyber security CVE debrief
CVE-2021-46666 Festo Didactic SE CVE debrief
The supplied government advisory associates CVE-2021-46666 with Festo Didactic SE MES PC and describes an availability-impacting crash condition. The remediation guidance points to a vendor-released replacement for Factory Control Panel on MES PCs. Read the source corpus carefully: the CVE description text itself describes a MariaDB crash condition, so asset applicability should be verified against the Festo advisory before action is taken.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
OT/ICS defenders, MES PC administrators, and anyone responsible for Festo Didactic SE systems that use the referenced Factory Control Panel/XAMPP stack should review this immediately. Site reliability and maintenance teams should also care, because the documented impact is an application crash (denial of service), which can disrupt industrial training or production workflows.
Technical summary
Per the supplied CVE description, the issue is a MariaDB crash caused by mishandling a pushdown from a HAVING clause to a WHERE clause, with a CVSS 3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5 MEDIUM). In the supplied advisory metadata, the affected product context is Festo Didactic SE MES PC, and the stated fix is a vendor-provided Factory Control Panel replacement for XAMPP on MES PCs.
Defensive priority
Medium. The CVSS score is moderate, and the primary impact is availability rather than confidentiality or integrity. However, in an OT or MES environment, even a local crash can interrupt operations, so remediation should be prioritized once applicability is confirmed.
Recommended defensive actions
- Confirm whether your MES PC deployment matches the Festo advisory context and uses the affected Factory Control Panel/XAMPP package.
- Obtain the current Factory Control Panel release from Festo technical support and deploy the vendor-fixed version.
- Plan the update in a maintenance window and validate the replacement package in a test environment before production rollout.
- Monitor MES PC service stability and crash logs until remediation is complete.
- Because the supplied corpus mixes a MariaDB crash description with Festo MES PC advisory metadata, verify exposure against the official Festo and CISA advisory references before making changes.
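The first and last actions above both come down to checking whether the MariaDB build bundled with the MES PC's XAMPP stack is older than the 10.6.2 threshold quoted in the CVE description. The following script is an added example, not code from PatchSiren, Festo or the XAMPP project: it parses the version string that `mysqld --version` or `SELECT VERSION()` prints on a MariaDB build and classifies it against that threshold. The sample strings are constructed and the assumption that the 10.6.2 boundary is the right applicability test is exactly what the advisory cross-check is meant to confirm.

```python
import re

# Threshold taken from the CVE description quoted on this page:
# MariaDB "before 10.6.2". Whether that boundary is the right test for a
# given MES PC is an assumption to confirm against the Festo advisory.
FIXED_VERSION = (10, 6, 2)

# Matches the "major.minor.patch-MariaDB" token that both
# `mysqld --version` and `SELECT VERSION()` emit on MariaDB builds.
# Plain MySQL builds carry no "-MariaDB" suffix and will not match.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-MariaDB")


def parse_mariadb_version(text):
    """Return (major, minor, patch) from a MariaDB version string,
    or None when the text does not identify a MariaDB build."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def is_below_fixed(version):
    """Tuple comparison gives correct numeric ordering (10.11 > 10.6)."""
    return version < FIXED_VERSION


def assess(text):
    """Classify one version string as 'not-mariadb', 'below-fix'
    or 'fixed-or-later'."""
    version = parse_mariadb_version(text)
    if version is None:
        return "not-mariadb"
    return "below-fix" if is_below_fixed(version) else "fixed-or-later"


# Constructed sample outputs for illustration; not captured from a real MES PC
# and not a claim about which MariaDB release any XAMPP package ships.
SAMPLES = {
    "sample_old": "mysqld  Ver 10.4.17-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)",
    "sample_boundary": "10.6.2-MariaDB",
    "sample_mysql": "mysqld  Ver 8.0.33 for Win64 on x86_64 (MySQL Community Server - GPL)",
    "sample_newer": "mysqld  Ver 10.11.4-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)",
}


def assess_all(samples=SAMPLES):
    """Run the check over a mapping of host label -> version string."""
    return {name: assess(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, verdict in assess_all().items():
        print(f"{name}: {verdict}")
```

A "below-fix" verdict on its own does not establish exposure; it marks the host for the advisory cross-check in the last action above, while "not-mariadb" and "fixed-or-later" hosts can be set aside for this CVE.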
Evidence notes
Source item published 2024-02-27 and republished 2026-01-27 in the CISA CSAF corpus. The supplied metadata ties the advisory to Festo Didactic SE MES PC and recommends replacing Factory Control Panel, while the CVE description text itself states a MariaDB crash before 10.6.2 caused by HAVING-to-WHERE pushdown mishandling. That mismatch is present in the supplied corpus, so this debrief does not assume any exploitability or product impact beyond the cited references.
Official resources
- CVE-2021-46666 CVE record (CVE.org)
- CVE-2021-46666 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Based on the supplied public advisory corpus, first published 2024-02-27 and republished 2026-01-27. This debrief uses only the provided source item and official references.