PatchSiren cyber security CVE debrief
CVE-2022-27384 Festo Didactic SE CVE debrief
CVE-2022-27384 is a network-reachable denial-of-service issue described in the Festo Didactic SE MES PC advisory material. The source description attributes the problem to MariaDB Server's Item_subselect::init_expr_cache_tracker path in v10.6 and below, where specially crafted SQL statements can disrupt availability. The CISA CSAF remediation guidance points affected MES PC users toward Festo's Factory Control Panel replacement.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic MES PC operators, OT/ICS administrators, and any team responsible for the packaged database stack or related service availability should prioritize this advisory.
Technical summary
The supplied advisory text describes an availability-only flaw with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5). It indicates that specially crafted SQL statements can trigger a denial of service through MariaDB Server's Item_subselect::init_expr_cache_tracker component on MariaDB Server v10.6 and below, in the context of the Festo Didactic SE MES PC advisory.
Defensive priority
High for any exposed or production MES PC deployment, because the issue is remotely reachable and can take down service availability even without authentication or user interaction.
Recommended defensive actions
- Confirm whether any MES PC deployment or bundled stack uses the affected MariaDB Server component or the older XAMPP-based setup referenced by the advisory.
- Obtain and deploy the current Factory Control Panel replacement from Festo technical support as directed in the remediation notice.
- Plan a maintenance window to replace the vulnerable component and verify the service restarts cleanly after remediation.
- Restrict access to the affected MES PC and segment operational networks while remediation is pending to reduce the impact of unauthorized SQL traffic.
- Monitor for unexpected service interruption or database-related crashes and validate recovery procedures before returning the system to production.
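The first and last actions above (confirm whether the bundled stack is in the advisory's stated version range, then watch for database crashes) can be scripted. The following Python helper is an added example, not part of the advisory and not Festo's or MariaDB's own tooling. It classifies the string a server returns from SELECT VERSION() against the page's wording "MariaDB Server v10.6 and below" and flags the server's standard "mysqld got signal N" crash banner in error-log lines. The version threshold is taken only from the page; no fixed-in build is listed, so treat the comparison as a scoping aid rather than a patch-state check. The sample version strings and log lines are constructed, and the helper also distinguishes MariaDB from plain MySQL version strings, which the advisory text does not discuss.

```python
import re

# Scope taken from this page's advisory wording: "MariaDB Server v10.6 and below".
# Assumption (not stated on the page): any MariaDB major.minor <= 10.6 is treated as
# in scope; the page names no fixed-in build, so this is a scoping aid, not a patch check.
AFFECTED_MAX_MAJOR_MINOR = (10, 6)

# SELECT VERSION() returns strings such as "10.6.4-MariaDB-1:10.6.4+maria~focal";
# only the leading numeric triple matters here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

# "mysqld got signal N ;" is the server's standard fatal-crash banner in the error log.
_CRASH_RE = re.compile(r"mysqld got signal (\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) parsed from a VERSION() result."""
    match = _VERSION_RE.match(version_string.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_mariadb(version_string):
    """MariaDB tags its version string with '-MariaDB'; MySQL does not."""
    return "mariadb" in version_string.lower()


def in_advisory_scope(version_string):
    """True when the server is MariaDB and its major.minor is 10.6 or lower."""
    if not is_mariadb(version_string):
        return False
    major, minor, _patch = parse_version(version_string)
    return (major, minor) <= AFFECTED_MAX_MAJOR_MINOR


def find_crash_events(log_lines):
    """Return (line, signal_number) for every crash banner found in the error log."""
    events = []
    for line in log_lines:
        match = _CRASH_RE.search(line)
        if match:
            events.append((line, int(match.group(1))))
    return events


def triage(version_string, log_lines):
    """Combine both checks into one record an operator can act on."""
    crashes = find_crash_events(log_lines)
    return {
        "version": version_string,
        "in_scope": in_advisory_scope(version_string),
        "crash_count": len(crashes),
        "crash_signals": [sig for _line, sig in crashes],
    }


# Constructed sample data (not taken from the advisory or any real MES PC host).
SAMPLE_VERSION = "10.6.4-MariaDB-1:10.6.4+maria~focal"
SAMPLE_LOG = [
    "2024-03-01 10:15:02 0 [Note] InnoDB: Buffer pool(s) load completed at 240301 10:15:02",
    "240301 10:17:41 [ERROR] mysqld got signal 11 ;",
    "This could be because you hit a bug. It is also possible that this binary",
    "2024-03-01 10:17:45 0 [Note] Starting MariaDB 10.6.4-MariaDB-1:10.6.4+maria~focal",
    "2024-03-01 10:40:10 0 [Warning] Aborted connection 42 to db: 'mes' user: 'mes' host: '10.0.0.7'",
    "240301 11:02:09 [ERROR] mysqld got signal 6 ;",
    "2024-03-01 11:02:13 0 [Note] Starting MariaDB 10.6.4-MariaDB-1:10.6.4+maria~focal",
]

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_LOG))
```

Run it against the output of `SELECT VERSION();` from the bundled database and the tail of its error log; a result with `in_scope` true and a non-zero `crash_count` is the combination that should move a host to the front of the remediation queue, while an out-of-scope MariaDB or a plain MySQL string simply falls outside this advisory's wording.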
Evidence notes
The primary evidence comes from the CISA CSAF source item for ICSA-26-027-02, republished on 2026-01-27, which ties CVE-2022-27384 to Festo Didactic SE MES PC and reproduces the description that the flaw affects MariaDB Server v10.6 and below. The CSAF remediation entry is dated 2023-05-26 and states that Factory Control Panel replaces XAMPP on affected MES PCs. The supplied corpus does not include exploit details, active campaign information, or KEV listing data.
Official resources
- CVE-2022-27384 CVE record (CVE.org)
- CVE-2022-27384 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory material published by CISA on 2024-02-27; the source advisory was later republished on 2026-01-27. No KEV listing was supplied in the corpus.