PatchSiren cyber security CVE debrief
CVE-2021-46668 Festo Didactic SE CVE debrief
CVE-2021-46668 is an availability-impacting MariaDB issue that can cause an application crash when certain long SELECT DISTINCT statements interact badly with storage-engine limits for temporary data structures. In the CISA CSAF advisory corpus, the issue is mapped to Festo Didactic SE’s MES PC environment, and Festo’s remediation points to replacing XAMPP with Factory Control Panel on MES PCs. The published CVSS vector rates the issue as local, low-privilege, and high-availability impact only.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators and administrators of Festo Didactic SE MES PCs, teams maintaining MES deployments that include MariaDB/XAMPP components, and OT/ICS support staff responsible for patching or replacing the affected software stack.
Technical summary
The supplied advisory text describes a condition in MariaDB through 10.5.9 in which certain long SELECT DISTINCT statements can improperly interact with storage-engine resource limits for temporary data structures, resulting in an application crash. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack path with no confidentiality or integrity impact and a high availability impact. The CSAF record associates the issue with the Festo Didactic SE MES PC and references a vendor remediation that replaces XAMPP with Factory Control Panel.
Defensive priority
Medium. The issue is a denial-of-service condition rather than a code-execution flaw, but it can still disrupt MES availability. Prioritize it for systems where downtime affects training, production support, or operational continuity.
Recommended defensive actions
- Obtain and deploy the current Factory Control Panel version from Festo technical support, as cited in the remediation guidance.
- Replace or remove the vulnerable XAMPP-based MES PC component set where applicable, following the vendor’s replacement guidance.
- Inventory MES PC installations to confirm whether the affected MariaDB/XAMPP stack is present.
- Schedule updates during maintenance windows and verify that the replacement does not reintroduce the vulnerable component.
- Review and follow CISA ICS recommended practices for defense-in-depth and operational continuity.
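As an added example (not part of the advisory and not Festo or MariaDB code), a small inventory helper that classifies MariaDB version strings collected from MES PCs against the "through 10.5.9" range stated above. The host names and version strings are constructed samples; version text is assumed to come from `SELECT VERSION()` or `mysqld --version` output.

```python
"""Flag MariaDB builds in the range affected by CVE-2021-46668 (through 10.5.9)."""
import re
from typing import Dict, Iterable, Optional, Tuple

# From the advisory text: MariaDB "through 10.5.9" is affected.
AFFECTED_THROUGH = (10, 5, 9)

# MariaDB 10.x reports itself as "5.5.5-10.5.9-MariaDB-..." to older clients;
# the optional "5.5.5-" group strips that compatibility prefix before parsing.
_VERSION_RE = re.compile(r"(?:5\.5\.5-)?(\d+)\.(\d+)\.(\d+)(?:-(\S+))?")


def parse_mariadb_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a MariaDB version string.

    Returns None when the string is not recognisably MariaDB (for example an
    Oracle MySQL build), since this CVE is MariaDB-specific.
    """
    m = _VERSION_RE.search(text)
    if not m or "mariadb" not in text.lower():
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected(text: str) -> bool:
    """True when the string parses as MariaDB and is <= 10.5.9."""
    version = parse_mariadb_version(text)
    return version is not None and version <= AFFECTED_THROUGH


def triage(hosts: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (host, version string) pair to an inventory verdict."""
    verdicts = {}
    for host, text in hosts:
        version = parse_mariadb_version(text)
        if version is None:
            verdicts[host] = "not-mariadb-or-unknown"
        elif version <= AFFECTED_THROUGH:
            verdicts[host] = "affected"
        else:
            verdicts[host] = "not-affected"
    return verdicts


# Constructed sample inventory (hypothetical hosts, not real MES PCs).
SAMPLE_INVENTORY = [
    ("mes-pc-01", "5.5.5-10.4.17-MariaDB"),                       # handshake-style string
    ("mes-pc-02", "10.5.9-MariaDB-1:10.5.9+maria~focal"),         # last affected release
    ("mes-pc-03", "10.6.12-MariaDB-log"),                         # later release
    ("mes-pc-04", "mysqld  Ver 10.3.31-MariaDB for Win64 on AMD64"),  # CLI output
    ("mes-pc-05", "8.0.33"),                                      # Oracle MySQL, out of scope
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```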
Evidence notes
This debrief is based only on the supplied CSAF corpus and the provided official reference links. The vulnerability text states that MariaDB through 10.5.9 may crash via certain long SELECT DISTINCT statements that interact with storage-engine limits for temporary data structures. The CSAF metadata maps the CVE to Festo Didactic SE, product MES PC, and the remediation notes say Festo Didactic released Factory Control Panel as a replacement for XAMPP on its MES PCs. The CVE published date used here is 2024-02-27; later CSAF revision/republication dates are not treated as the issue date.
Official resources
- CVE-2021-46668 CVE record (CVE.org)
- CVE-2021-46668 NVD detail (NVD)
- Source item URL: cisa_csaf
Publicly disclosed in the supplied source corpus on 2024-02-27, with later CSAF revision history and a 2026 republication entry that should not be treated as the original CVE date.