PatchSiren cyber security CVE debrief
CVE-2022-27383 Festo Didactic SE CVE debrief
According to the supplied advisory record, CVE-2022-27383 involves a use-after-free in MariaDB Server v10.6 and below, specifically in my_strcasecmp_8bit. The issue can be triggered with specially crafted SQL statements and is scored CVSS 7.5 (HIGH) because it can cause high availability impact without requiring privileges or user interaction. The source record is tied to a Festo Didactic SE MES PC advisory and points to a vendor replacement path rather than a direct MariaDB package fix, so asset owners should validate whether their deployment uses the affected embedded database component before applying remediation.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
OT and MES asset owners running Festo MES PC systems, administrators of embedded MariaDB deployments, and teams responsible for database exposure, hardening, and vendor patch validation.
Technical summary
The advisory text identifies a use-after-free in MariaDB's my_strcasecmp_8bit component. The supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates remote reachability, no authentication, no user interaction, and denial-of-service potential as the primary impact. The supplied remediation states that Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and that the fix is obtained through technical support. The advisory record does not provide a standalone MariaDB version fix in the supplied corpus.
Defensive priority
High. The combination of network reachability, no required privileges, and high availability impact makes this worth prompt validation and remediation planning, especially for production OT or MES environments where service disruption is costly.
Recommended defensive actions
- Confirm whether any MES PC deployment or other system in scope uses MariaDB Server v10.6 or below, or the XAMPP-based stack referenced by the vendor advisory.
- Apply the vendor-supplied replacement path noted in the advisory: obtain the current Factory Control Panel version from Festo technical support and deploy it according to change-control procedures.
- Plan for the component restart implied by the remediation record and schedule maintenance to avoid unexpected downtime.
- Restrict exposure to database services and only allow required management and application clients to reach the affected SQL interface.
- Monitor for abnormal MariaDB process crashes, restarts, or repeated SQL parsing failures that could indicate attempted triggering of the flaw.
- Cross-check affected assets against the official CVE record, the CISA advisory, and the vendor advisory before declaring remediation complete.
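The monitoring action above asks operators to watch for MariaDB crashes and restarts. The following Python snippet is an added example (not part of the PatchSiren debrief, the Festo advisory, or the MariaDB project) that scans error-log lines for the "got signal N" crash message and raises an alert when several crashes cluster inside a short window, which is the pattern a denial-of-service attempt against a server-side flaw would leave behind. The log lines are constructed for the example; the regular expressions assume the default MariaDB error-log layout (`YYYY-MM-DD HH:MM:SS <thread> [Level] message`) and should be adjusted to the real log format in scope.

```python
"""Flag MariaDB crash/restart bursts from error-log lines (added example)."""
from collections import deque
from datetime import datetime, timedelta
import re

# Constructed sample lines in the default MariaDB error-log layout.
# Three crashes within two minutes, then a benign aborted-connection warning.
SAMPLE_LOG = """\
2024-03-01 09:00:01 0 [Note] /usr/sbin/mariadbd: ready for connections.
2024-03-01 09:14:22 0 [ERROR] mysqld got signal 11 ;
2024-03-01 09:14:30 0 [Note] /usr/sbin/mariadbd: ready for connections.
2024-03-01 09:15:02 0 [ERROR] mysqld got signal 11 ;
2024-03-01 09:15:10 0 [Note] /usr/sbin/mariadbd: ready for connections.
2024-03-01 09:15:41 0 [ERROR] mysqld got signal 6 ;
2024-03-01 09:15:50 0 [Note] /usr/sbin/mariadbd: ready for connections.
2024-03-01 11:00:00 0 [Warning] Aborted connection 42 to db: 'mes' user: 'app' host: '10.0.0.5' (Got an error reading communication packets)
"""

# Assumed log layout: timestamp, thread id, bracketed level, free-text message.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ \[(\w+)\] (.*)$")
# Crash marker written by the server's signal handler before it exits.
CRASH_RE = re.compile(r"got signal (\d+)")


def parse_events(text):
    """Yield (timestamp, level, message) for every line that matches the layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3)


def find_crash_bursts(text, threshold=3, window=timedelta(minutes=5)):
    """Return alerts as (first_ts, last_ts, crash_count, signals).

    A sliding window keeps the crash timestamps seen in the last `window`;
    once `threshold` crashes fall inside it, one alert is emitted and the
    window is cleared so the same burst is not reported repeatedly.
    """
    alerts = []
    recent = deque()
    for ts, _level, msg in parse_events(text):
        m = CRASH_RE.search(msg)
        if not m:
            continue
        recent.append((ts, int(m.group(1))))
        # Drop crashes that fell out of the window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((recent[0][0], ts, len(recent), [sig for _, sig in recent]))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for first, last, count, signals in find_crash_bursts(SAMPLE_LOG):
        print(f"ALERT: {count} mariadbd crashes between {first} and {last}, signals {signals}")
```

Feed the function the live error log (or a log-shipper's copy) and tune `threshold` and `window` to the environment's normal restart rate; a single crash after a planned maintenance restart should not page anyone, while three crashes in five minutes on an MES PC warrants checking which clients reached the SQL interface in that interval.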
Evidence notes
The supplied source corpus links the CVE to a Festo Didactic SE MES PC advisory, while the vulnerability description itself names MariaDB Server v10.6 and below and the my_strcasecmp_8bit component. The remediation in the corpus is a vendor replacement path (Factory Control Panel) rather than an explicit MariaDB patch. Public advisory history shows initial publication on 2024-02-27 and later republication/modification on 2026-01-27; those advisory dates should be used for timing context.
Official resources
- CVE-2022-27383 CVE record (CVE.org)
- CVE-2022-27383 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory record first published on 2024-02-27 and modified/reissued on 2026-01-27. Timing context should be interpreted from those advisory dates, not from the debrief generation date.