PatchSiren cyber security CVE debrief
CVE-2022-27447 Festo Didactic SE CVE debrief
CVE-2022-27447 is a high-severity use-after-free in MariaDB Server v10.9 and below, surfaced in a CISA CSAF advisory for Festo Didactic SE MES PC. The advisory’s remediation path points operators to Festo’s current Factory Control Panel release and associated support guidance, indicating the issue affects the bundled software stack used on those systems.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC operators, OT/ICS administrators, and teams responsible for the underlying MariaDB/XAMPP-based software stack should review this advisory and confirm whether affected components are still deployed.
Technical summary
The advisory describes a use-after-free in Binary_string::free_buffer() at /sql/sql_string.h. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates a network-reachable issue with low attack complexity, no privileges or user interaction required, and high availability impact. The source material does not describe confidentiality or integrity impact.
Defensive priority
High: prioritize systems that still run the affected MES PC software stack or any MariaDB Server v10.9 and below instance identified in the advisory chain, especially where the service is exposed or operational uptime matters.
Recommended defensive actions
- Inventory Festo Didactic SE MES PC deployments and confirm whether the current Factory Control Panel release is installed.
- Obtain the current Factory Control Panel from Festo technical support as directed in the advisory ([email protected]) and plan deployment in a maintenance window.
- Identify any MariaDB Server v10.9 and below instances on affected systems and apply the vendor-provided fix path or replacement software as applicable.
- Plan for a restart of the vulnerable component during remediation; the advisory marks a restart as required.
- Apply CISA ICS recommended practices such as segmentation, defense in depth, and least-privilege access around the affected systems.
Evidence notes
Source material ties CVE-2022-27447 to Festo Didactic SE MES PC and states: 'MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.' The CVSS vector in the supplied advisory is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, supporting an availability-focused assessment. The remediation entry explicitly references Festo’s current Factory Control Panel and support contact. Timeline context: CVE published 2024-02-27 and CISA republication/modified record date is 2026-01-27; no CISA KEV entry is provided.
Official resources
- CVE-2022-27447 CVE record (CVE.org)
- CVE-2022-27447 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references
Publicly disclosed in the CISA CSAF advisory chain for ICSA-26-027-02, with initial publication on 2024-02-27 and CISA republication on 2026-01-27. The supplied enrichment does not mark this CVE as CISA KEV.