PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-27382 Festo Didactic SE CVE debrief

CVE-2022-27382 is a high-severity availability issue referenced in Festo Didactic SE MES PC advisory material. The source description says MariaDB Server v10.7 and below can hit a segmentation fault in Item_field::used_tables/update_depend_map_for_order, which can lead to service disruption rather than data theft or integrity loss. For MES PC operators, the practical concern is unplanned downtime in systems that include the affected component chain.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Festo Didactic SE MES PC administrators, OT/ICS support teams, and anyone operating deployments that still rely on the affected MariaDB/XAMPP-related component path. Security teams responsible for availability-sensitive industrial systems should treat this as a patch-and-verify item.

Technical summary

The advisory maps CVE-2022-27382 to a segmentation fault in MariaDB Server v10.7 and below, with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The source ties the issue to Festo Didactic SE MES PC advisory content and recommends moving to the current Factory Control Panel release, which is stated to include fixes for these vulnerabilities. The likely impact is remote denial of service via application crash or instability, with no cited confidentiality or integrity impact in the provided material.

Defensive priority

High. The CVSS score is 7.5 and the impact is entirely availability-focused, which is especially important for MES and other operational environments where outages can interrupt production or training workflows.

Recommended defensive actions

  • Identify MES PC installations that still use the affected MariaDB/XAMPP component path or older Factory Control Panel releases.
  • Obtain the current Factory Control Panel version from Festo technical support as directed in the advisory.
  • Validate the deployed version after upgrade and confirm the vulnerable component is no longer present.
  • Prioritize availability monitoring and restart recovery procedures for MES PCs until remediation is complete.
  • Use CISA ICS recommended practices to reduce the operational impact of service interruptions in industrial environments.
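
One way to run the identify and validate steps above over collected version strings, as an added example (not code from Festo or CISA). It flags MariaDB builds inside the advisory's "v10.7 and below" wording; the host names and banners are constructed, and treating every 10.7.x build as in range is an assumption, since the material here names no fixed patch release.

```python
import re

# Range as stated in the advisory text: "MariaDB Server v10.7 and below".
# Assumption of this example: no fixed patch release is given, so every
# 10.7.x or older build is flagged for review.
ADVISORY_MAX = (10, 7)

# Matches both `mysqld --version` banners and SELECT VERSION() output.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-MariaDB", re.IGNORECASE)


def classify(banner):
    """Return 'in-range', 'out-of-range' or 'unknown' for a version string."""
    m = _VERSION_RE.search(banner or "")
    if not m:
        # Not a MariaDB banner, or nothing collected: needs a manual check
        # rather than being counted as remediated.
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    # Compare as integer tuples; a string compare would sort 10.11 below 10.7.
    return "in-range" if (major, minor) <= ADVISORY_MAX else "out-of-range"


def triage(inventory):
    """Return (host -> status, sorted hosts that still need follow-up)."""
    status = {host: classify(banner) for host, banner in inventory.items()}
    follow_up = sorted(h for h, s in status.items() if s != "out-of-range")
    return status, follow_up


# Constructed sample inventory: host names and banners are made up.
SAMPLE = {
    "mes-pc-01": "mysqld  Ver 10.4.24-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)",
    "mes-pc-02": "10.7.3-MariaDB",
    "mes-pc-03": "10.11.6-MariaDB",
    "mes-pc-04": "mysqld  Ver 8.0.33 for Win64 on x86_64 (MySQL Community Server - GPL)",
    "mes-pc-05": "",
}

if __name__ == "__main__":
    status, follow_up = triage(SAMPLE)
    for host in sorted(status):
        print(f"{host}: {status[host]}")
    print("follow up:", ", ".join(follow_up))
```

Hosts reported as "unknown" are kept on the follow-up list so that a missing or non-MariaDB banner is confirmed by hand after the Factory Control Panel upgrade.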

Evidence notes

The supplied source corpus is a CISA CSAF republication of Festo advisory material with CVE publishedAt 2024-02-27 and modifiedAt 2026-01-27; the later timestamp is a republication/revision marker, not the original vulnerability date. The description explicitly states 'MariaDB Server v10.7 and below' and the remediation entry says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs. The record also includes the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and a reference to the official CVE record.

Official resources

Publicly disclosed in the supplied CISA CSAF source on 2024-02-27. The 2026-01-27 timestamp in the corpus reflects republication or revision activity and should not be treated as the original CVE issue date.