PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-27446 Festo Didactic SE CVE debrief

CVE-2022-27446 is rated high severity (CVSS 7.5) in the supplied advisory corpus, and its stated impact is limited to availability. The published CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: reachable over the network, low attack complexity, no privileges or user interaction required, high impact on availability and none on confidentiality or integrity. The primary concern is therefore denial of service rather than data theft or tampering. The source corpus associates the CVE with a CISA CSAF advisory for Festo Didactic SE MES PC, while the advisory description states that MariaDB Server v10.9 and below can hit a segmentation fault in sql/item_cmpfunc.h. For defenders, the practical takeaway is that systems running the affected MES PC stack should be identified and updated or replaced promptly. The advisory remediation points to Factory Control Panel as the replacement for XAMPP on MES PCs, obtained through Festo technical support. No KEV listing or exploit campaign is provided in the supplied corpus.

Vendor
Festo Didactic SE
Product
MES PC
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-02-27
Original CVE updated
2026-01-27
Advisory published
2024-02-27
Advisory updated
2026-01-27

Who should care

Festo Didactic SE MES PC owners, industrial training/lab operators, OT/ICS administrators, and any team running the affected XAMPP/MariaDB-based MES PC stack.

Technical summary

The source corpus describes a segmentation fault affecting MariaDB Server v10.9 and below, with the advisory context mapped to Festo Didactic SE MES PC. The stated impact is availability-only, consistent with the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The corpus does not provide exploit details beyond the service-crash condition. Remediation guidance in the advisory points to replacing XAMPP with Factory Control Panel on MES PCs and obtaining the current version through Festo support.

Defensive priority

High. Treat as a prompt availability-risk remediation for any exposed or production-dependent MES PC deployment, especially where service interruption would affect lab, training, or industrial operations.

Recommended defensive actions

  • Inventory MES PCs and confirm whether the XAMPP-bundled MariaDB is present and which version it reports.
  • Obtain the current Factory Control Panel replacement from Festo Didactic support and deploy the vendor-recommended fix.
  • Validate service restoration and confirm that the vulnerable component is no longer in use after remediation.
  • Reduce network exposure and apply ICS defense-in-depth controls while remediation is pending, especially on systems reachable from broader networks.
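The first and third actions above (confirm the MariaDB stack is present, then confirm after remediation that the vulnerable component is gone) come down to collecting a version string from each MES PC and comparing it against the advisory's "v10.9 and below". The following is an added example, not code from the advisory, PatchSiren or Festo: it parses the version token that `mysqld --version` and `SELECT VERSION()` print for MariaDB and classifies each host. The host names and version strings are constructed sample data; the assumption that an untouched XAMPP install reports a 10.4.x MariaDB is this example's, since the corpus does not say which build the MES PC image ships. Because the corpus names no fixed point release, any 10.9.x is treated as inside the stated range until the vendor confirms otherwise.

```python
import re
from typing import Dict, Optional, Tuple

# Ceiling taken from the advisory wording, "MariaDB Server v10.9 and below".
# No fixed point release is named in the corpus, so 10.9.x stays inside the range.
STATED_CEILING = (10, 9)

# Matches the version token both `mysqld --version` and SELECT VERSION() emit for
# MariaDB, e.g. "10.4.28-MariaDB" or "10.9.8-MariaDB-1:10.9.8+maria~ubu2204".
MARIADB_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?-MariaDB", re.IGNORECASE)

# Constructed sample inventory (hypothetical host names and captured banners), not
# data from the advisory. Assumption: an untouched XAMPP-based MES PC reports a
# 10.4.x MariaDB, as in the first entry.
SAMPLE_INVENTORY: Dict[str, str] = {
    "mespc-lab-01": "mysqld  Ver 10.4.28-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)",
    "mespc-lab-02": "10.11.6-MariaDB",
    "mespc-lab-03": "10.9.8-MariaDB-1:10.9.8+maria~ubu2204",
    "mespc-lab-04": "8.0.36 (MySQL Community Server - GPL)",   # MySQL, not MariaDB
    "mespc-lab-05": "",                                        # service did not answer
}

Version = Tuple[int, int, int]


def parse_mariadb_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from a MariaDB banner, or None if it is not MariaDB."""
    m = MARIADB_VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def in_stated_range(version: Version) -> bool:
    """True when major.minor is at or below the advisory ceiling."""
    # Compare as integers: as strings "10.11" < "10.9", which would wrongly flag a
    # 10.11 server and is the usual mistake in ad-hoc version checks.
    return version[:2] <= STATED_CEILING


def classify(version_output: str) -> str:
    """'affected-range', 'above-range', or 'unknown' (MySQL, no answer, odd banner: check by hand)."""
    v = parse_mariadb_version(version_output)
    if v is None:
        return "unknown"
    return "affected-range" if in_stated_range(v) else "above-range"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map every host to its verdict; 'unknown' hosts must not be treated as clean."""
    return {host: classify(out) for host, out in inventory.items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```

On a XAMPP install the banner normally comes from the bundled mysqld.exe under the XAMPP mysql\bin directory or from SELECT VERSION() over the local listener; after the Factory Control Panel replacement is deployed, rerunning the same collection should move every host out of "affected-range", and any host still reporting "unknown" needs a manual look rather than being assumed remediated.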

Evidence notes

The supplied corpus contains a context mismatch: the advisory metadata identifies Festo Didactic SE MES PC as the affected product context, while the advisory description names MariaDB Server v10.9 and below and cites a segmentation fault in sql/item_cmpfunc.h. This debrief preserves both statements without inferring a product relationship beyond what the corpus explicitly provides. Timing is based on the supplied CVE published date of 2024-02-27 and modified date of 2026-01-27.

Official resources

Published in the supplied corpus on 2024-02-27; the advisory was republished/updated by CISA on 2026-01-27. No KEV entry is present in the supplied data.