PatchSiren cyber security CVE debrief
CVE-2022-27387 Festo Didactic SE CVE debrief
CVE-2022-27387 is a high-severity MariaDB issue affecting Festo Didactic SE MES PC environments that rely on MariaDB Server v10.7 and below. The advisory describes a global buffer overflow in decimal_bin_size that can be triggered by specially crafted SQL statements, with the primary security consequence being denial of service. CISA published the advisory on 2024-02-27 and later republished it on 2026-01-27 from the Festo vendor advisory lineage. Festo’s remediation notes point to Factory Control Panel as the replacement for XAMPP on affected MES PCs, with fixes included in the current version provided through vendor support.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC operators, industrial/OT administrators, and support teams responsible for systems that include MariaDB or legacy XAMPP-based components. Security teams should also care if MES PCs are exposed to untrusted network users or if SQL input paths can be reached by applications or integrations.
Technical summary
The advisory text states that MariaDB Server v10.7 and below contains a global buffer overflow in decimal_bin_size. The supplied CVSS vector rates the attack vector as network-based, requiring neither privileges nor user interaction, with availability impact rated high and confidentiality and integrity impact rated none. The source corpus ties the issue to Festo Didactic SE MES PC and recommends moving to Factory Control Panel, which is described as including fixes for these vulnerabilities.
Defensive priority
High. The issue is remotely reachable according to the supplied CVSS vector, and the documented impact is high availability loss. For MES/OT environments, even a denial-of-service condition can disrupt production or training operations, so remediation should be prioritized wherever affected MariaDB components remain in use.
Recommended defensive actions
- Confirm whether any Festo Didactic SE MES PC systems still use MariaDB Server v10.7 or below, or legacy XAMPP components referenced by the vendor remediation.
- Obtain and deploy the current Factory Control Panel version from Festo support, as the advisory states it includes fixes for these vulnerabilities.
- Validate the affected MES PC build and component inventory before rollout so the replacement path matches the vendor-supported remediation.
- Restrict access to database interfaces and SQL entry points to trusted systems only, especially on OT networks where the attack surface should be minimized.
- Test the vendor update in a maintenance window and verify that the vulnerable component is no longer present after remediation.
- Monitor for service instability or unexpected restarts during and after update deployment, since the remediation notes indicate a restart is required for the vulnerable component.
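The first action above is an inventory check: is a MariaDB server in the stated affected range (v10.7 and below) still present on any MES PC? The following POSIX shell script is an added example written for this debrief; it is not part of the CISA or Festo advisory and not Festo tooling. It assumes the version string has the shape returned by `SELECT VERSION()` (leading numeric version, e.g. "10.6.12-MariaDB-log"); the `check_live_server` function and the `MARIADB_CLIENT_OPTS` variable are hypothetical conveniences for running the same check against a reachable server, and the sample strings at the bottom are constructed.

```shell
#!/bin/sh
# Added example for this debrief, not part of the CISA/Festo advisory or any
# Festo tooling. It flags a MariaDB server whose reported version is 10.7 or
# below, the affected range the advisory states for CVE-2022-27387.
# Input format assumed: the string returned by `SELECT VERSION()`, which starts
# with the numeric version, e.g. "10.6.12-MariaDB-log".

# Returns 0 when the version is in the stated affected range (<= 10.7),
# 1 when it is newer, 2 when the string cannot be parsed.
mariadb_affected() {
    ver="$1"
    # Keep only the leading major.minor; drop patch level and build suffixes.
    num=$(printf '%s\n' "$ver" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$num" ] || return 2
    major=${num%%.*}
    minor=${num#*.}
    if [ "$major" -lt 10 ]; then
        return 0
    fi
    if [ "$major" -eq 10 ] && [ "$minor" -le 7 ]; then
        return 0
    fi
    return 1
}

# Hypothetical live check: queries the server through the mariadb client.
# Needs a reachable server and credentials (e.g. in ~/.my.cnf or via
# $MARIADB_CLIENT_OPTS). It is defined but not called, so sourcing this file
# on a workstation performs no network access.
check_live_server() {
    ver=$(mariadb $MARIADB_CLIENT_OPTS -N -B -e 'SELECT VERSION()') || return 2
    if mariadb_affected "$ver"; then
        echo "AFFECTED: MariaDB $ver is 10.7 or below; apply the vendor remediation (Factory Control Panel)"
        return 0
    else
        echo "not in stated affected range: $ver"
        return 1
    fi
}

# Constructed sample strings exercising each branch offline.
for v in "10.6.12-MariaDB-log" "10.7.3-MariaDB" "10.8.0-MariaDB" "11.2.1-MariaDB" "unknown"; do
    if mariadb_affected "$v"; then rc=0; else rc=$?; fi
    echo "$v -> rc=$rc (0=affected range, 1=newer, 2=unparseable)"
done
```

The check is deliberately coarse: it treats every 10.7.x and older release as affected, exactly as the advisory words it, and a hit should be confirmed against the vendor-supported remediation path (Factory Control Panel via Festo support) rather than treated as a standalone upgrade decision.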
Evidence notes
The supplied CISA CSAF advisory (ICSA-26-027-02) identifies the product as Festo Didactic SE MES PC and repeats the vendor description that MariaDB Server v10.7 and below is vulnerable to a global buffer overflow in decimal_bin_size via specially crafted SQL statements. The source metadata lists the CVE publication date as 2024-02-27 and the latest modification as 2026-01-27. The remediation entry dated 2023-05-26 states that Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and that the current version includes fixes. No KEV entry is present in the supplied enrichment fields.
Official resources
- CVE-2022-27387 CVE record (CVE.org)
- CVE-2022-27387 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA CSAF republication of the Festo advisory lineage for Festo Didactic SE MES PC. The supplied timeline shows the advisory published on 2024-02-27 and modified on 2026-01-27. No Known Exploited Vulnerabilities listing is provided in the,