PatchSiren cyber security CVE debrief
CVE-2021-46669 Festo Didactic SE CVE debrief
CVE-2021-46669 is a high-severity denial-of-service vulnerability described by CISA as a MariaDB use-after-free in convert_const_to_int when BIGINT is used. In the Festo Didactic SE advisory context, the issue is associated with MES PC deployments and the vendor’s replacement guidance for XAMPP-based systems. Because the published CVSS vector indicates network reachability with no privileges or user interaction required and a high availability impact, exposed systems should be treated as urgent patching candidates. For defenders, the key takeaway is that this is a component-level remediation issue: confirm whether affected MES PC instances are running the vulnerable package/component set, then move to the vendor-provided Factory Control Panel replacement and validate that the installed version includes the fix. No KEV listing was supplied for this CVE, but the network attack surface and service-impact profile justify prompt action on any reachable deployment.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators and administrators of Festo Didactic SE MES PC environments, especially systems still running the affected XAMPP/MariaDB component set; industrial IT and OT teams responsible for availability-sensitive endpoints; vulnerability management teams tracking externally reachable services.
Technical summary
The advisory describes CVE-2021-46669 as a MariaDB through 10.5.9 use-after-free in convert_const_to_int triggered when BIGINT data type handling is involved. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates a remotely reachable issue with no authentication or user interaction needed and a primary impact on availability. In the CISA CSAF advisory, the affected product context is Festo Didactic SE MES PC, and the remediation points to a vendor replacement: Factory Control Panel, which includes fixes for the vulnerabilities.
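As an added example (not part of this debrief or the vendor's tooling), the following Python recomputes the advisory's CVSS 3.1 vector into its base score and qualitative rating using the FIRST specification formula, and applies a version-range check for the "MariaDB through 10.5.9" statement during an inventory pass. The inventory version strings are constructed, and the reading of "through" as every release up to and including 10.5.9 is an assumption marked in the code.

```python
import math
import re

# CVSS 3.1 base-metric weights from the FIRST specification (section 7.4).
_W = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}
# Privileges Required weight depends on Scope: index 0 = unchanged, 1 = changed.
_PR = {"N": (0.85, 0.85), "L": (0.62, 0.68), "H": (0.27, 0.50)}

def _roundup(x: float) -> float:
    """CVSS 3.1 Roundup: smallest one-decimal value >= x, via the spec's integer method."""
    i = round(x * 100000)
    return i / 100000 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10

def cvss31_base_score(vector: str) -> float:
    """Compute the CVSS 3.1 base score from a vector string such as the advisory's."""
    m = dict(p.split(":") for p in vector.split("/") if not p.startswith("CVSS:"))
    changed = m["S"] == "C"
    iss = 1 - (1 - _W["CIA"][m["C"]]) * (1 - _W["CIA"][m["I"]]) * (1 - _W["CIA"][m["A"]])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * _W["AV"][m["AV"]] * _W["AC"][m["AC"]] * _PR[m["PR"]][changed] * _W["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    return _roundup(min((1.08 if changed else 1.0) * (impact + expl), 10))

def severity(score: float) -> str:
    """Qualitative severity rating from CVSS 3.1 section 5."""
    for limit, name in ((0.0, "NONE"), (3.9, "LOW"), (6.9, "MEDIUM"), (8.9, "HIGH")):
        if score <= limit:
            return name
    return "CRITICAL"

def mariadb_affected(version: str, last_affected: str = "10.5.9") -> bool:
    """Inventory check: does a reported MariaDB version fall in the 'through 10.5.9' range?
    Assumption: 'through' means every release up to and including 10.5.9."""
    parse = lambda v: tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", v).groups())
    return parse(version) <= parse(last_affected)

if __name__ == "__main__":
    advisory_vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
    score = cvss31_base_score(advisory_vector)
    print(score, severity(score))  # 7.5 HIGH, matching the debrief
    for v in ("10.5.9-MariaDB", "10.4.18", "10.5.10"):  # constructed inventory samples
        print(v, "affected" if mariadb_affected(v) else "not affected")
```

The version check only tells you whether a reported version string is inside the cited range; the remediation steps below still require confirming which component set the MES PC instance actually runs.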
Defensive priority
High. Prioritize remediation on any internet-reachable or otherwise exposed MES PC deployment, and move quickly on internal systems that can impact operations if service availability is lost.
Recommended defensive actions
- Identify all Festo Didactic SE MES PC instances and confirm whether they are using the affected component set described in the advisory.
- Obtain and deploy the current Factory Control Panel version referenced by the vendor as containing the fix.
- Treat reachable deployments as urgent because the CVSS vector requires no privileges or user interaction and has high availability impact.
- Verify after remediation that the vulnerable component is no longer present and that the replacement version is running.
- Coordinate downtime or maintenance windows as needed for operational validation on OT-adjacent systems.
- Track vendor advisories and CISA updates for any follow-on revisions to the advisory or remediation guidance.
Evidence notes
Facts in this debrief are drawn only from the supplied CISA CSAF source item and its official references. The source item identifies advisory ICSA-26-027-02 for Festo Didactic SE MES PC, states that CVE-2021-46669 involves a MariaDB through 10.5.9 convert_const_to_int use-after-free when BIGINT is used, and provides CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The remediation entry states that Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and that the current version includes fixes. The source advisory was initially published on 2024-02-27 and republished on 2026-01-27; that timeline is used only as disclosure context, not as the vulnerability’s issue date.
Official resources
- CVE-2021-46669 CVE record (CVE.org)
- CVE-2021-46669 NVD detail (NVD)
- Source item URL (cisa_csaf)
The advisory data supplied here was initially published on 2024-02-27 and later republished on 2026-01-27. The vendor remediation entry is dated 2023-05-26 and points to Factory Control Panel as the replacement for XAMPP on MES PCs.