PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-27381 Festo Didactic SE CVE debrief

CVE-2022-27381 is a high-severity denial-of-service issue published in a CISA advisory for Festo Didactic SE MES PC. The source description says specially crafted SQL statements can trigger DoS through the MariaDB Server Field::set_default component in version 10.6 and below. The vendor guidance in the advisory points affected users to a fixed Factory Control Panel replacement for XAMPP on MES PCs.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Organizations operating Festo Didactic SE MES PC systems, especially administrators responsible for the bundled database/application stack and any environment where service availability is operationally important.

Technical summary

The advisory assigns CVSS 3.1 7.5 HIGH with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable availability impact that requires neither privileges nor user interaction. The source text attributes the issue to MariaDB Server's Field::set_default component and says specially crafted SQL statements can cause denial of service. The remediation provided in the source is a vendor-supplied Factory Control Panel replacement for XAMPP on MES PCs, which implies the practical fix is to move to the updated replacement package rather than to apply a standalone patch; the source corpus does not describe one.

Defensive priority

High. Prioritize if MES PCs are operationally critical, exposed to untrusted networks, or still using the referenced XAMPP-based stack. Because the issue is a straightforward availability risk with no authentication required, it should be handled ahead of routine maintenance.

Recommended defensive actions

  • Verify whether any Festo MES PC installations still use the vulnerable XAMPP-based components referenced in the advisory.
  • Obtain and deploy the current Factory Control Panel version from Festo technical support, as the source states it includes fixes for the affected vulnerabilities.
  • Restrict network access to any SQL-facing services on affected systems until the fixed replacement is in place.
  • Monitor MES PC availability and logs for unusual SQL activity or repeated service failures that could indicate denial-of-service attempts.
  • Use CISA ICS recommended practices for segmentation, least privilege, and defensive monitoring around affected OT/ICS assets.
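Two of the actions above, checking whether a MES PC's database falls inside the advisory's stated range and watching for repeated service failures, as an added example that is not part of the PatchSiren debrief or of Festo's tooling. It assumes MariaDB's error-log layout and its "mysqld got signal" crash marker; the sample log lines are constructed, and the exact patch release that fixes CVE-2022-27381 is not given in the source, so a match means "within the advisory's stated range", not "confirmed vulnerable".

```python
import re
from datetime import datetime, timedelta

# Range as stated in the advisory text: MariaDB Server 10.6 and below.
# The fixed patch release is not named in the source, so only major.minor is compared.
AFFECTED_MAX = (10, 6)

def in_advisory_range(version_string):
    """Parse a SELECT VERSION() string such as '10.6.5-MariaDB' and compare major.minor."""
    m = re.match(r"(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return (int(m.group(1)), int(m.group(2))) <= AFFECTED_MAX

# Crash marker and leading timestamp as written by MariaDB's error log (assumption;
# adjust the patterns to the log format of the build actually installed).
CRASH_RE = re.compile(r"mysqld got signal (\d+)")
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}\s+\d{1,2}:\d{2}:\d{2})")

def repeated_crashes(log_lines, window=timedelta(minutes=10), threshold=3):
    """Return the crash timestamps of the first burst of at least `threshold`
    crashes inside `window`, or [] if no such burst exists. Repeated crashes
    shortly after restarts are the service-failure pattern worth alerting on."""
    stamps = []
    for line in log_lines:
        if CRASH_RE.search(line):
            ts = TS_RE.match(line)
            if ts:
                stamps.append(datetime.strptime(" ".join(ts.group(1).split()),
                                                "%Y-%m-%d %H:%M:%S"))
    stamps.sort()
    for i, start in enumerate(stamps):
        burst = [t for t in stamps[i:] if t - start <= window]
        if len(burst) >= threshold:
            return burst
    return []

# Constructed sample: three crash/restart cycles within a few minutes.
SAMPLE_LOG = """\
2024-03-01 08:00:00 0 [Note] /usr/sbin/mysqld: ready for connections.
2024-03-01 08:02:10 0 [ERROR] mysqld got signal 11 ;
2024-03-01 08:02:15 0 [Note] /usr/sbin/mysqld: ready for connections.
2024-03-01 08:03:40 0 [ERROR] mysqld got signal 11 ;
2024-03-01 08:03:45 0 [Note] /usr/sbin/mysqld: ready for connections.
2024-03-01 08:05:02 0 [ERROR] mysqld got signal 11 ;
""".splitlines()

if __name__ == "__main__":
    print("10.6.5-MariaDB in advisory range:", in_advisory_range("10.6.5-MariaDB"))
    print("crash burst:", repeated_crashes(SAMPLE_LOG))
```

Feed the real error log to repeated_crashes and the live VERSION() string to in_advisory_range; both run offline and have no dependencies beyond the standard library.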

Evidence notes

The supplied CISA CSAF source item (ICSA-26-027-02) republished the Festo Didactic SE advisory and lists CVE-2022-27381 with a CVSS 7.5 HIGH availability-only impact. The remediation entry states that Factory Control Panel replaces XAMPP on MES PCs and includes fixes. One important caveat is that the description text references MariaDB Server v10.6 and below, while the advisory metadata names Festo Didactic SE MES PC; this debrief treats that as the source advisory linking the MariaDB issue to the MES PC product, not as an independently verified standalone MariaDB product advisory.

Official resources

The supplied record shows the advisory first published on 2024-02-27T12:00:00Z. Later source revisions and republication entries reflect advisory updates, not the original vulnerability issue date.