PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-27386 Festo Didactic SE CVE debrief

CVE-2022-27386 is presented in the supplied advisory corpus as a high-severity availability issue (CVSS 7.5) linked to Festo Didactic SE MES PC. The vulnerability text states that MariaDB Server v10.7 and below can hit a segmentation fault in sql/sql_class.cc, that is, a crash of the database server process rather than code execution or data exposure. The available material focuses on defensive remediation: Festo Didactic states that Factory Control Panel replaced XAMPP on MES PCs and that the current version includes fixes for these vulnerabilities.

Vendor
Festo Didactic SE
Product
MES PC
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-02-27
Original CVE updated
2026-01-27
Advisory published
2024-02-27
Advisory updated
2026-01-27

Who should care

OT/ICS administrators, Festo Didactic MES PC owners, and support teams responsible for systems that still rely on the affected MariaDB/XAMPP-related software stack should review this advisory. Availability-focused teams should also care because the listed impact is denial of service through a segmentation fault: the MES application loses its database for as long as the server stays down or until it is restarted.

Technical summary

The source advisory maps CVE-2022-27386 to Festo Didactic SE MES PC and describes the issue as a segmentation fault in MariaDB Server v10.7 and below, specifically in sql/sql_class.cc. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: network-reachable (AV:N), low attack complexity, no privileges or user interaction required, and impact limited to availability, so the practical outcome is a crashed mysqld and whatever the MES software does when its database disappears. The corpus does not explain the precise relationship between the Festo product and the MariaDB component; the most plausible link, which the corpus itself does not state, is that the XAMPP package the MES PC shipped with bundles a MariaDB server. The safest interpretation is therefore that the advisory associates the CVE with that product line and recommends upgrading to the vendor-fixed replacement. Note also that 'v10.7 and below' is an inclusive range taken from the CVE text; it does not name the patch release that fixed the fault, so any server reporting a 10.7.x or earlier version should be treated as in scope until the vendor replacement is confirmed.

Defensive priority

High. The issue is rated CVSS 7.5 with availability-only impact, and the vendor remediation indicates a fix is available through the current Factory Control Panel release. Systems still using the affected MES PC software stack should be prioritized for verification and replacement.

Recommended defensive actions

  • Confirm whether any MES PC deployments are still using the affected software stack referenced in the advisory: check whether XAMPP is still installed and what version the bundled MariaDB server reports (for example via SELECT VERSION() or the version string in the server handshake).
  • Obtain and deploy the current Factory Control Panel version from Festo Didactic technical support, as stated in the remediation guidance.
  • Treat this as an availability risk and validate that the replacement is installed across all relevant MES PCs.
  • Review exposed services and operational dependencies around the affected component to reduce the blast radius of a crash or restart. In particular, check whether the MariaDB listener (TCP 3306 by default) is reachable from other hosts, since the CVSS vector assumes network access; binding it to loopback or enabling skip-networking, where the MES application tolerates it, removes the remote path even before the replacement is installed.
  • Track the advisory and reference links for any follow-up revisions from CISA or the vendor.
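The following Python triage helper is an added example written for this debrief; it is not Festo Didactic, MariaDB, XAMPP or CISA tooling. It combines the first and fourth actions above for one MES PC: it parses the version string MariaDB reports (from SELECT VERSION() or the handshake, including the "5.5.5-" compatibility prefix MariaDB 10.x prepends in the handshake), parses the server's my.cnf/my.ini option file to decide whether the server listens on the network, and ranks the host accordingly. The "10.7 and below" bound, the option-file samples, and the assumption that a missing bind-address means "all interfaces" (MariaDB's upstream default) are assumptions stated in the code, not facts from the advisory.

```python
"""Triage helper for the MariaDB server bundled on a Festo Didactic MES PC.

Added example for this debrief, not vendor tooling. Inputs: the version string
MariaDB reports and the text of its option file (XAMPP keeps my.ini under its
mysql directory; that location is an assumption, not from the advisory).
"""
import re

# Inclusive upper bound of the affected range as quoted in the CVE text.
# Assumption: patch levels within 10.7 are not distinguished, because the
# corpus does not name the fixing release; anything 10.7.x or older is in scope.
AFFECTED_MAX = (10, 7)

# Option groups that mysqld reads from an option file.
SERVER_GROUPS = {"mysqld", "mariadb", "server"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version_string):
    """'10.6.12-MariaDB-0ubuntu0.22.04.1' -> (10, 6, 12); None if unparseable."""
    # MariaDB 10.x prepends "5.5.5-" to the handshake version for old clients;
    # drop it so the real server version is what gets parsed.
    if version_string.startswith("5.5.5-"):
        version_string = version_string[len("5.5.5-"):]
    m = _VERSION_RE.search(version_string)
    if m is None:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch is not None else 0)


def in_affected_range(version):
    """True when major.minor is 10.7 or lower (the advisory's stated range)."""
    return version[:2] <= AFFECTED_MAX


def server_settings(config_text):
    """Collect options from the server groups of a my.cnf / my.ini text.

    Bare flags such as skip-networking map to an empty string. MariaDB treats
    '-' and '_' in option names as equivalent, so names are normalised here.
    """
    settings = {}
    group = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";") or line.startswith("!"):
            continue  # blank line, comment, or !include directive
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group not in SERVER_GROUPS:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower().replace("-", "_")] = value.strip().strip("'\"")
    return settings


def network_exposed(config_text):
    """True if mysqld would accept TCP connections from other hosts.

    Assumption: with no bind-address the server listens on every interface,
    which is MariaDB's upstream default (some distro packages override it).
    """
    s = server_settings(config_text)
    if s.get("skip_networking") in ("", "1", "on", "true"):
        return False
    return s.get("bind_address", "") not in ("127.0.0.1", "::1", "localhost")


def triage(version_string, config_text):
    """Rank one MES PC: affected version plus network exposure is the AV:N case."""
    version = parse_version(version_string)
    affected = version is not None and in_affected_range(version)
    exposed = network_exposed(config_text)
    if affected and exposed:
        priority = "high"    # remote, unauthenticated crash, as in the CVSS vector
    elif affected:
        priority = "medium"  # local clients can still trigger the fault
    else:
        priority = "low"
    return {"version": version, "affected": affected, "exposed": exposed, "priority": priority}


# Constructed sample option files, not captured from a real MES PC.
SAMPLE_EXPOSED_INI = """
[client]
port = 3306

[mysqld]
port = 3306
bind-address = 0.0.0.0   # listens on every interface
datadir = "C:/xampp/mysql/data"
"""

SAMPLE_HARDENED_INI = """
[mysqld]
port = 3306
bind_address = 127.0.0.1
"""

SAMPLE_NO_NET_INI = """
[mysqld]
skip-networking
"""

if __name__ == "__main__":
    for label, ver, ini in (
        ("legacy XAMPP, exposed", "5.5.5-10.4.32-MariaDB", SAMPLE_EXPOSED_INI),
        ("legacy XAMPP, loopback", "10.4.32-MariaDB", SAMPLE_HARDENED_INI),
        ("replaced stack", "11.4.2-MariaDB", SAMPLE_EXPOSED_INI),
    ):
        print(f"{label:24s} -> {triage(ver, ini)}")
```

A result of "high" means both conditions hold: the reported version is inside the advisory's range and the listener is reachable from other hosts, which is exactly the AV:N/PR:N case the 7.5 score describes. "medium" hosts still crash from a local client but are off the remote path; "low" hosts report a version outside the range and only need the vendor replacement confirmed.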

Evidence notes

The source corpus explicitly states: 'MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.' It also identifies the advisory as 'Festo Didactic SE MES PC' and lists a vendor remediation dated 2023-05-26 saying Factory Control Panel replaced XAMPP on MES PCs and includes fixes. CISA revision history shows the initial advisory date as 2024-02-27 and a later republication on 2026-01-27; the CVE issue date used here is the published date supplied with the corpus, not the later republication date. The corpus does not clarify how the Festo product mapping and the MariaDB component statement relate beyond the advisory association.

Official resources

The supplied timeline lists 2024-02-27 as the publication date for CVE-2022-27386; that date coincides with the initial release of the CISA advisory, and the CVE's 2022 identifier indicates the upstream MariaDB issue was disclosed before the Festo advisory existed. The CISA source item shows a later republication on 2026-01-27, but that is advisory maintenance, not the original CVE publication date.