PatchSiren cyber security CVE debrief

CVE-2022-27380 Festo Didactic SE CVE debrief

CVE-2022-27380 is a high-severity denial-of-service issue referenced in the Festo Didactic SE MES PC advisory materials published through CISA. The source description says specially crafted SQL statements can trigger a DoS in a MariaDB component, and the remediation guidance points affected users to Factory Control Panel as the replacement for XAMPP. Because the supplied corpus mixes a Festo product advisory with a MariaDB component description, defenders should validate the exact affected components before changing production systems.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Festo MES PC operators, OT/ICS administrators, plant engineers, system integrators, and support teams responsible for the exposed SQL/database components in industrial environments.

Technical summary

The supplied source describes CVE-2022-27380 as a network-reachable denial-of-service condition affecting the my_decimal::operator= component in MariaDB Server v10.6.3 and below, with a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. In the CISA-republished Festo Didactic SE MES PC advisory, the vulnerability is associated with MES PC deployments and the recommended vendor fix is to move to Factory Control Panel, which includes fixes for the identified issues. The impact in the provided corpus is availability only; no confidentiality or integrity impact is indicated.

Defensive priority

High. The issue is remotely reachable, requires no privileges or user interaction in the supplied CVSS vector, and can cause service interruption in an industrial/OT context where availability matters. Even without a known exploitation campaign in the provided data, organizations running the affected MES PC stack should treat validation and remediation as time-sensitive.

Recommended defensive actions

  • Inventory MES PC installations and confirm whether the affected MariaDB/XAMPP-related components are present in your deployment.
  • Obtain the vendor-recommended Factory Control Panel version through Festo support and plan a controlled replacement or upgrade path.
  • Test the vendor update in a staging or maintenance window before production rollout, especially where the vulnerable component is operationally critical.
  • Restrict network access to management and database interfaces associated with the affected system and follow ICS defense-in-depth practices.
  • Monitor for abnormal service interruptions and database-related errors while remediation is underway.
  • If immediate patching is not possible, isolate the affected system segment and apply compensating controls to reduce exposure.
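A small triage helper for the inventory step above, added here as an example and not part of the PatchSiren debrief or of any Festo or CISA material: it parses MariaDB version banners (as returned by SELECT VERSION() or mariadb --version) and flags hosts at or below the v10.6.3 bound stated in the advisory, using numeric comparison so that 10.6.12 is correctly treated as newer than 10.6.3. Hostnames and banners are constructed; MySQL banners (no -MariaDB suffix) are deliberately left out of the affected set.

```python
import re

# Upper bound from the advisory description: MariaDB Server v10.6.3 and below.
AFFECTED_MAX = (10, 6, 3)

# Matches "10.6.3-MariaDB" or "10.6.12-MariaDB-1:10.6.12+maria~ubu2004".
# Assumes the hyphenated "-MariaDB" suffix that the server banner carries.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-(MariaDB)\b)?", re.IGNORECASE)


def parse_version(banner):
    """Return (major, minor, patch) for a MariaDB banner.

    Returns None when the banner is not MariaDB (e.g. a MySQL banner has
    a version number but no -MariaDB suffix), so it is never flagged here."""
    m = _VERSION_RE.search(banner)
    if not m or m.group(4) is None:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3))


def is_affected(banner):
    """Tuple comparison keeps 10.6.10 after 10.6.3; plain string comparison
    ("10.6.10" < "10.6.3") would wrongly flag it as affected."""
    version = parse_version(banner)
    return version is not None and version <= AFFECTED_MAX


def triage(inventory):
    """inventory maps host name -> version banner; returns hosts to review."""
    return sorted(host for host, banner in inventory.items() if is_affected(banner))


# Constructed sample inventory: host names and banners are made up.
SAMPLE_INVENTORY = {
    "mespc-line1": "10.6.3-MariaDB",
    "mespc-line2": "10.6.12-MariaDB-1:10.6.12+maria~ubu2004",
    "mespc-lab": "10.5.9-MariaDB-log",
    "hmi-legacy": "8.0.36 MySQL Community Server - GPL",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: MariaDB {SAMPLE_INVENTORY[host]} is within the affected range")
```

A flagged host still needs the reachability check from the advisory (whether the database port is exposed beyond the MES PC itself) before it is prioritised for the Factory Control Panel move.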

Evidence notes

Evidence comes from the supplied CISA CSAF source item for ICSA-26-027-02, which republishes the Festo Didactic SE MES PC advisory and includes the CVE description, the CVSS 3.1 vector, and the remediation note about Factory Control Panel replacing XAMPP. The source item revision history shows initial publication on 2024-02-27 and a later CISA republication on 2026-01-27. The corpus also contains reference links to the official CVE record, NVD entry, Festo advisory material, and CISA advisory page. The vendor/product context and the vulnerability description are not perfectly aligned in the source corpus, so the advisory should be validated against the specific deployed components before action.

Official resources

Supplied timeline indicates the CVE publication date as 2024-02-27T12:00:00.000Z. The source item was republished by CISA on 2026-01-27T16:20:28.099Z, but that is not the CVE issue date. No KEV listing or ransomware-campaign association ise