PatchSiren cyber security CVE debrief
CVE-2022-27385 Festo Didactic SE CVE debrief
CVE-2022-27385 is a high-severity availability issue described in the Festo Didactic SE MES PC advisory corpus. The source text ties the problem to the MariaDB-related component "Used_tables_and_const_cache::used_tables_and_const_cache_join" and states that specially crafted SQL statements can cause denial of service. The advisory’s remediation says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs, and that the current version includes fixes for these vulnerabilities. For defenders, the main takeaway is to treat this as a network-reachable service-availability risk in MES PC deployments until the vendor-supported replacement is in place.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC owners, OT/ICS administrators, plant IT teams, and anyone responsible for the XAMPP/MariaDB stack used by those systems should pay attention. Availability-focused defenders should prioritize systems that are reachable from broader internal networks or remote maintenance paths.
Technical summary
The supplied advisory data assigns CVE-2022-27385 the CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable issue that requires no privileges or user interaction and impacts availability only. The corpus describes the vulnerable component as "Used_tables_and_const_cache::used_tables_and_const_cache_join" in MariaDB Server v10.7 and below, and the vendor remediation ties the fix path to replacing XAMPP on MES PCs with Factory Control Panel. The source corpus does not describe any confidentiality or integrity impact, any exploitation prerequisite beyond crafted SQL, or any confirmed weaponization.
Defensive priority
High. The issue is network-exploitable, requires no authentication, and can interrupt service availability in an industrial environment. Prioritize affected MES PC instances that still rely on the vulnerable bundled stack, then move to segmentation and access-control hardening around the service interfaces.
Recommended defensive actions
- Identify all Festo Didactic MES PC deployments and confirm whether they still use the affected XAMPP/MariaDB-based configuration.
- Obtain and deploy the current Factory Control Panel version from Festo technical support, as referenced in the remediation.
- Restrict network access to the MES PC services and management interfaces to only trusted administrative paths.
- Monitor for unusual SQL activity, service crashes, or repeated restarts that could indicate attempted denial-of-service conditions.
- Validate backups and rollback procedures before making the replacement or upgrade in production OT environments.
Evidence notes
The supplied CISA CSAF source item for CVE-2022-27385 is published at 2024-02-27T12:00:00.000Z and was modified/republished on 2026-01-27T16:20:28.099Z. The corpus identifies the vendor as Festo Didactic SE and the product as MES PC, while the vulnerability description names a MariaDB Server v10.7-and-below component. The remediation explicitly says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and that the current version includes fixes for these vulnerabilities. No KEV listing is present in the supplied corpus.
Official resources
- CVE-2022-27385 CVE record (CVE.org)
- CVE-2022-27385 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published by the source corpus on 2024-02-27; the advisory was later republished/modified on 2026-01-27. The supplied corpus does not list the issue in CISA KEV.