PatchSiren cyber security CVE debrief
CVE-2022-27444 Festo Didactic SE CVE debrief
CVE-2022-27444 is a high-severity availability issue referenced in a CISA CSAF advisory for Festo Didactic SE MES PC. The advisory text says MariaDB Server v10.9 and below can hit a segmentation fault in sql/item_subselect.cc, which can disrupt service availability. The supplied advisory corpus also points to Festo’s Factory Control Panel as the replacement path for XAMPP on affected MES PCs.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Organizations operating Festo Didactic MES PC systems, especially those that rely on the affected MariaDB/XAMPP stack or expose the service to network access. OT, training, and lab environments should pay attention because the impact is service outage rather than data compromise.
Technical summary
The source corpus maps CVE-2022-27444 to a denial-of-service condition with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability description states that MariaDB Server v10.9 and below can encounter a segmentation fault in sql/item_subselect.cc. In the advisory record, this is associated with Festo Didactic SE MES PC, and the documented remediation is to move to Festo’s Factory Control Panel replacement for XAMPP on MES PCs.
Defensive priority
High for availability-critical environments. The issue is network-reachable, requires no privileges or user interaction per the supplied CVSS vector, and can cause service interruption.
Recommended defensive actions
- Inventory MES PC systems and verify whether they are using the affected MariaDB/XAMPP-based component set.
- Obtain and deploy the current Factory Control Panel version from Festo technical support as directed in the advisory.
- Restrict network exposure to the affected service and limit access to trusted management networks only.
- Monitor for unexpected MariaDB or application crashes, restarts, and service interruptions.
- Validate the remediation during a maintenance window and confirm the replacement component is in place before returning the system to service.
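For the monitoring action above, one way to spot crash-and-restart cycles in a MariaDB error log. This is an added example, not code from the advisory or from Festo. The crash-banner wording, the sample log lines, and the 30-minute, two-crash threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Crash banner from the server's fatal-signal handler (assumed wording):
# "signal N" on POSIX builds, "exception 0x..." on Windows builds.
CRASH = re.compile(r"\[ERROR\] mysqld got (signal \d+|exception 0x[0-9a-fA-F]+)")
READY = re.compile(r"ready for connections")
# Normal lines use YYYY-MM-DD; the crash banner uses YYMMDD and a padded hour.
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2}|\d{6})\s+(\d{1,2}:\d{2}:\d{2})")

# Constructed sample error log, not taken from the advisory.
SAMPLE_LOG = """\
2024-03-01 08:00:02 0 [Note] mysqld.exe: ready for connections.
240301  9:14:40 [ERROR] mysqld got exception 0xc0000005 ;
2024-03-01 09:14:47 0 [Note] mysqld.exe: ready for connections.
240301  9:20:10 [ERROR] mysqld got exception 0xc0000005 ;
2024-03-01 09:20:16 0 [Note] mysqld.exe: ready for connections.
2024-03-01 09:31:00 12 [Warning] Aborted connection 12 to db: 'mes'
240301 18:02:33 [ERROR] mysqld got exception 0xc0000005 ;
"""

def parse_stamp(line):
    """Return the line's timestamp, or None for continuation lines."""
    m = STAMP.match(line)
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M:%S" if "-" in m.group(1) else "%y%m%d %H:%M:%S"
    return datetime.strptime(f"{m.group(1)} {m.group(2)}", fmt)

def scan(log_text, window=timedelta(minutes=30), threshold=2):
    """Collect crash events, count restarts after a crash, flag crash bursts."""
    crashes, restarts, seen_crash = [], 0, False
    for line in log_text.splitlines():
        hit, ts = CRASH.search(line), parse_stamp(line)
        if hit and ts:
            crashes.append((ts, hit.group(1)))
            seen_crash = True
        elif seen_crash and READY.search(line):
            restarts += 1          # server came back up after a crash
            seen_crash = False
    # Burst: `threshold` consecutive crashes that all fall inside `window`.
    burst = any(crashes[i + threshold - 1][0] - crashes[i][0] <= window
                for i in range(len(crashes) - threshold + 1))
    return {"crashes": crashes, "restarts_after_crash": restarts, "burst": burst}

if __name__ == "__main__":
    for key, value in scan(SAMPLE_LOG).items():
        print(key, value)
```

A crash with no later "ready for connections" line, like the last one in the sample, means the service stayed down and should be escalated separately from the burst flag.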
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory record and its listed official references. The advisory text explicitly states the MariaDB Server v10.9-and-below segmentation fault in sql/item_subselect.cc and the remediation note identifies Festo’s Factory Control Panel replacement for XAMPP on MES PCs. The source revision history shows the advisory was initially published on 2024-02-27 and later republished with metadata/template updates.
Official resources
- CVE-2022-27444 CVE record (CVE.org)
- CVE-2022-27444 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA’s CSAF record shows the advisory was initially published on 2024-02-27. The revision history includes later updates and a 2026 republication entry, but those are advisory metadata changes and should not be treated as the original CVE/