PatchSiren cyber security CVE debrief
CVE-2021-46667 Festo Didactic SE CVE debrief
CVE-2021-46667 describes an integer overflow in MariaDB's sql_lex.cc code path before 10.6.5 that can cause an application crash. In the supplied CISA CSAF advisory corpus, the issue is associated with Festo Didactic SE MES PC and a vendor replacement path through Factory Control Panel. The published CVSS vector is local and availability-only, so the main risk is loss of service rather than data compromise.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators of Festo Didactic SE MES PC deployments, administrators running affected MariaDB versions before 10.6.5, and teams responsible for production systems where a local crash would interrupt operations.
Technical summary
The source advisory links CVE-2021-46667 to an integer overflow in MariaDB's sql_lex.cc, with impact limited to an application crash. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a locally reachable issue requiring low privileges and resulting in high availability impact. The CISA CSAF metadata maps the advisory to Festo Didactic SE MES PC and notes a replacement product path via Factory Control Panel.
Defensive priority
Medium priority: address during normal maintenance, but move faster if the vulnerable component is present on production MES PCs or any local user can interact with it.
Recommended defensive actions
- Confirm whether any deployed systems include MariaDB versions earlier than 10.6.5 or the Festo Didactic SE MES PC configuration named in the advisory.
- Apply the vendor-provided replacement: obtain the current Factory Control Panel from Festo technical support, as stated in the CSAF remediation.
- If you manage MariaDB directly in another context, upgrade to MariaDB 10.6.5 or later where applicable.
- Limit local access and privileges on affected hosts to reduce exposure to the locally exploitable crash condition.
- Monitor affected systems for unexpected MariaDB or application crashes and verify recovery procedures for production MES environments.
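The first action above, confirming whether a host runs a MariaDB build below 10.6.5, is easy to get wrong when the banner also carries client and packaging version numbers. The following is an added example, not code from the debrief, Festo or the MariaDB project: it extracts the server version from the banners printed by `mariadb --version`, `mysqld --version` or returned by `SELECT VERSION()`, and compares it with the 10.6.5 boundary the advisory text states. The sample banners are constructed. Note that the debrief quotes only the 10.6.5 boundary; a host on another MariaDB release series should be checked against that series' own release notes before being declared fixed.

```python
"""Triage MariaDB version banners against the CVE-2021-46667 boundary.

Added example for the debrief. It applies the advisory's literal statement
("MariaDB before 10.6.5") and does not model per-series backports.
"""
import re

# Fixed release named in the advisory text.
FIXED_VERSION = (10, 6, 5)

# Three-component version, e.g. "10.6.4" in "... Distrib 10.6.4-MariaDB, ...".
# Two-component client numbers such as "Ver 15.1" do not match.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


def parse_mariadb_version(banner):
    """Return (major, minor, patch) from a MariaDB banner, or None if the
    banner is not from MariaDB (e.g. an Oracle MySQL build)."""
    if "mariadb" not in banner.lower():
        return None
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """True when the version is below the fixed release the advisory names."""
    return tuple(version) < FIXED_VERSION


def triage(banner):
    """Classify one banner as 'affected', 'fixed' or 'not-mariadb'."""
    version = parse_mariadb_version(banner)
    if version is None:
        return "not-mariadb"
    return "affected" if is_affected(version) else "fixed"


# Constructed sample banners in the shapes the tools actually print.
SAMPLE_BANNERS = [
    "mariadb  Ver 15.1 Distrib 10.6.4-MariaDB, for Linux (x86_64) using readline 5.1",
    "mysqld  Ver 10.5.12-MariaDB-0+deb11u1 for debian-linux-gnu on x86_64",
    "10.6.5-MariaDB-1:10.6.5+maria~focal",
    "mysql  Ver 8.0.33 for Linux on x86_64 (MySQL Community Server - GPL)",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print("%-12s %s" % (triage(banner), banner))
```

Run it on the output collected from each MES PC or database host; anything reported as "affected" belongs on the remediation list for the Factory Control Panel replacement or a MariaDB upgrade, as the actions above describe.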
Evidence notes
The source corpus is a CISA CSAF advisory for "Festo Didactic SE MES PC" (ICSA-26-027-02) published on 2024-02-27, with later revision history including a 2026-01-27 republication entry. The advisory description explicitly states: "MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash." The remediation section states that Festo Didactic has released Factory Control Panel as a replacement for XAMPP on its MES PCs and directs users to obtain the current version from Festo support. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The 2026-01-27 timestamp in the corpus is a republication/revision date, not the original vulnerability date.
Official resources
- CVE-2021-46667 CVE record (CVE.org)
- CVE-2021-46667 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory context first appears in the supplied corpus on 2024-02-27 via the CISA CSAF record for ICSA-26-027-02; the corpus also shows a later CISA republication on 2026-01-27.