PatchSiren cyber security CVE debrief
CVE-2022-27377 Festo Didactic SE CVE debrief
CVE-2022-27377 is a high-severity use-after-free issue described in the Festo Didactic MES PC advisory corpus. The advisory text says MariaDB Server v10.6.3 and below is affected in Item_func_in::cleanup(), with exploitation possible via specially crafted SQL statements. Festo’s remediation guidance points to Factory Control Panel as a replacement for XAMPP on MES PCs and directs customers to obtain the current vendor version.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC operators, OT/industrial control administrators, and security teams responsible for systems that rely on the affected MariaDB/XAMPP-related software stack should prioritize this issue.
Technical summary
The supplied advisory describes a use-after-free vulnerability (CWE-416) in Item_func_in::cleanup(), the cleanup routine of the MariaDB Server class that implements the SQL IN() predicate. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates network exposure, no privileges required, no user interaction, and a high availability impact with no confidentiality or integrity impact; in other words, the scored outcome is denial of service, not data disclosure. The source corpus ties the issue to the Festo Didactic MES PC advisory and remediation path, not to a KEV listing or confirmed ransomware use.
Defensive priority
High. The scoring is 7.5 HIGH and the attack surface is described as network-reachable with no privileges or user interaction required. One caveat when ranking hosts: the advisory says the flaw is triggered by specially crafted SQL statements, so an attacker needs some way to submit SQL to the server, either a database account or an SQL injection path through a front-end application; weigh the PR:N in the vector against that. Systems running the affected MES PC software stack should be reviewed and updated promptly.
Recommended defensive actions
- Obtain and deploy the current Festo Factory Control Panel version from the vendor channel referenced in the advisory.
- Inventory MES PCs and confirm whether the affected XAMPP/MariaDB-related software stack is present.
- Restrict access to database and management interfaces to trusted OT/admin networks only.
- Monitor affected systems for abnormal crashes, restarts, or database instability consistent with a memory-safety issue.
- Validate backups and recovery procedures before making software changes on production MES PCs.
- Follow the linked CISA and vendor advisory pages for any later updates or replacement guidance.
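The inventory and monitoring actions above can be scripted. The following is an added example written for this debrief, not code from Festo Didactic, MariaDB or the CISA advisory. It assumes the standard MariaDB version string format ("10.6.3-MariaDB", as printed by `mysqld --version`, SELECT VERSION() and the error log's "Starting MariaDB" line) and the standard crash wording in the MariaDB error log ("mysqld got signal N" on POSIX, "mysqld got exception 0x..." on Windows); every version string and log line in it is a constructed sample, not output captured from a real MES PC.

```python
# Added example for the PatchSiren debrief (not Festo Didactic or MariaDB code).
# Two checks that support the inventory and monitoring actions above:
#   1. classify a MariaDB version string against "v10.6.3 and below";
#   2. scan MariaDB error-log lines for crash signatures and restarts.
# All version strings and log lines here are constructed samples.
import re
from typing import List, Optional, Tuple

# Upper bound of the affected range as stated in the advisory text.
LAST_AFFECTED: Tuple[int, int, int] = (10, 6, 3)

# Matches "10.6.3-MariaDB" as printed by `mysqld --version`, SELECT VERSION()
# and the "[Note] Starting MariaDB ..." error-log line.  MySQL version strings
# carry no "-MariaDB" suffix and are deliberately not matched.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)-MariaDB\b")

# Crash signature mysqld writes to its error log when it aborts:
# "mysqld got signal 11" (POSIX) or "mysqld got exception 0xc0000005" (Windows).
_CRASH_RE = re.compile(r"\[ERROR\] mysqld got (?:signal \d+|exception 0x[0-9A-Fa-f]+)")
# Start-up line; its version token doubles as an inventory source.
_START_RE = re.compile(r"\[Note\] Starting MariaDB (\S+)")


def parse_mariadb_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None when text is not a MariaDB version."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(text: str) -> Optional[bool]:
    """True if the version is <= 10.6.3 (the advisory's wording), False if newer,
    None if no MariaDB version could be parsed from the text."""
    v = parse_mariadb_version(text)
    return None if v is None else v <= LAST_AFFECTED


def triage_error_log(lines: List[str]) -> dict:
    """Summarise crashes and restarts; the last start-up line gives the running version."""
    crash_lines, start_versions = [], []
    for n, line in enumerate(lines, 1):
        if _CRASH_RE.search(line):
            crash_lines.append(n)
            continue
        m = _START_RE.search(line)
        if m:
            start_versions.append(m.group(1))
    running = start_versions[-1] if start_versions else None
    return {
        "crash_lines": crash_lines,          # line numbers carrying a crash signature
        "restarts": len(start_versions),     # number of server start-ups seen
        "running_version": running,          # version token from the last start-up
        "affected": is_affected(running) if running else None,
    }


# Constructed samples (not captured from a real MES PC).
SAMPLE_VERSIONS = {
    "xampp_mes_pc": "mysqld  Ver 10.4.21-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)",
    "boundary": "10.6.3-MariaDB",
    "next_patch": "10.6.4-MariaDB",
    "newer_branch": "10.11.6-MariaDB",
    "mysql_not_mariadb": "mysqld  Ver 8.0.36 for Linux on x86_64 (MySQL Community Server - GPL)",
}

SAMPLE_ERROR_LOG = [
    "2024-03-01  8:00:01 0 [Note] Starting MariaDB 10.6.3-MariaDB-log as process 4120",
    "2024-03-01  8:00:02 0 [Note] mysqld: ready for connections.",
    "2024-03-01  9:13:44 0 [ERROR] mysqld got exception 0xc0000005 ;",
    "2024-03-01  9:14:10 0 [Note] Starting MariaDB 10.6.3-MariaDB-log as process 4388",
    "2024-03-01  9:14:11 0 [Note] mysqld: ready for connections.",
]

if __name__ == "__main__":
    for name, text in SAMPLE_VERSIONS.items():
        print(f"{name:18} affected={is_affected(text)}")
    print(triage_error_log(SAMPLE_ERROR_LOG))
```

Two notes on reading the output. The version comparison follows the advisory's own wording ("v10.6.3 and below") as a plain numeric ordering; which specific builds carry the fix is a question for the vendor channel the advisory points to, not for this script. A crash signature in the error log is a reason to investigate, not proof that this CVE was triggered; a crash followed within seconds by a fresh "Starting MariaDB" line on an affected version is the pattern worth escalating.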
Evidence notes
The source corpus explicitly states: “MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.” The remediation entry says Festo Didactic released Factory Control Panel as a replacement for XAMPP on its MES PCs and instructs customers to contact technical support for the current version. The supplied timeline shows the CVE/public advisory date as 2024-02-27 and a later republication/modification on 2026-01-27; the later date should not be treated as the original issue date. No KEV entry is provided in the corpus.
Official resources
- CVE-2022-27377 CVE record (CVE.org)
- CVE-2022-27377 NVD detail (NVD)
- Source item URL (cisa_csaf)
The CVE/public advisory date in the supplied timeline is 2024-02-27. The source record was later republished on 2026-01-27, but that later modification is not the original disclosure date.