PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-27448 Festo Didactic SE CVE debrief

CVE-2022-27448 is a high-severity availability issue that the supplied advisory corpus associates with Festo Didactic SE MES PC. The advisory text attributes the problem to an assertion failure in MariaDB Server v10.9 and below at /row/row0mysql.cc; when that assertion fires, the database server aborts and the service that depends on it stops functioning. Festo's remediation in the corpus directs customers to a replacement Factory Control Panel release that includes fixes for the vulnerable stack.

Vendor
Festo Didactic SE
Product
MES PC
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-02-27
Original CVE updated
2026-01-27
Advisory published
2024-02-27
Advisory updated
2026-01-27

Who should care

Administrators and operators of Festo Didactic SE MES PC deployments, in particular OT/ICS teams responsible for service availability, and anyone running an environment that relies on the affected MariaDB/XAMPP-based component stack.

Technical summary

The source corpus describes CVE-2022-27448 as an assertion failure in MariaDB Server v10.9 and below: the failing assertion is node->pcur->rel_pos == BTR_PCUR_ON in /row/row0mysql.cc, an InnoDB persistent-cursor invariant, and a failed InnoDB assertion aborts the mysqld process rather than returning an error to the client. The published CVSS 3.x vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable issue that needs no privileges or user interaction, does not change scope, and has no confidentiality or integrity impact but a high availability impact. In the CISA republication for Festo Didactic SE MES PC, the vendor remediation states that Factory Control Panel replaces XAMPP on MES PCs and includes fixes for these vulnerabilities; as quoted, the remediation does not call out a specific MariaDB patch level, so the fix is delivered by replacing the XAMPP bundle as a whole.

Defensive priority

High

Recommended defensive actions

  • Inventory MES PC deployments and confirm whether the affected MariaDB/XAMPP-based stack is present, for example by recording the MariaDB version each host reports.
  • Obtain and deploy the current Factory Control Panel release through Festo technical support, per the vendor remediation in the advisory corpus.
  • Prioritize remediation on production and safety-relevant systems, and schedule changes during a maintenance window.
  • Monitor MariaDB error logs on MES PC hosts for InnoDB assertion failures (in particular in row0mysql.cc), unexpected mysqld restarts, or service interruption.
  • Minimize network exposure of the MariaDB service, since the AV:N vector means the trigger is network-reachable: segment MES PC hosts, restrict the database port to the clients that need it, and apply the usual ICS defense-in-depth measures.
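The inventory and monitoring steps above can be scripted. The following is an added example, not code from PatchSiren, Festo, or MariaDB: it parses a MariaDB version string (from `mysqld --version`, `SELECT VERSION()`, or the error-log banner) and flags it using only the advisory's coarse "v10.9 and below" wording, and it scans error-log lines for the assertion signature quoted in the CVE text plus follow-on restarts. The exact fixed MariaDB patch levels are not on this page, so the version check deliberately errs on the side of flagging; the log format and the sample log lines are constructed for illustration and are not a real crash record.

```python
"""Triage helpers for CVE-2022-27448 on a MariaDB/XAMPP-based MES PC host.

Added example (not PatchSiren, Festo, or MariaDB code). Two checks:
  1. is_affected_version(): coarse version triage using only the advisory's
     wording ("MariaDB Server v10.9 and below"). Exact fixed patch levels are
     not stated in the debrief, so this flags every release up to and
     including 10.9; confirm against vendor release notes before acting.
  2. scan_error_log(): looks for the documented assertion signature
     (/row/row0mysql.cc, node->pcur->rel_pos == BTR_PCUR_ON) and for
     follow-on restarts in a MariaDB error log.
The log line shapes and the sample below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ASSERTION_FILE = "row0mysql.cc"
ASSERTION_EXPR = "node->pcur->rel_pos == BTR_PCUR_ON"
ADVISORY_MAX_MINOR = (10, 9)  # "v10.9 and below" in the advisory text

# Matches "10.4.32-MariaDB" whether it comes from `mysqld --version`,
# SELECT VERSION(), or the "Version:" banner written to the error log.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)-MariaDB\b")


def parse_mariadb_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from any string carrying a MariaDB version."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected_version(text: str) -> Optional[bool]:
    """True if the version is inside the advisory's "10.9 and below" range.

    Returns None when no MariaDB version is present, so callers can tell
    "not affected" from "could not determine" (e.g. a host without MariaDB).
    """
    v = parse_mariadb_version(text)
    if v is None:
        return None
    return (v[0], v[1]) <= ADVISORY_MAX_MINOR


@dataclass
class Finding:
    line_no: int
    kind: str  # cve_signature | row0mysql_assertion | other_assertion | restart
    text: str


def scan_error_log(lines: Iterable[str]) -> List[Finding]:
    """Flag InnoDB assertion crashes and server restarts in a MariaDB error log.

    A "Failing assertion" line carrying the exact expression from the CVE text
    is the strongest indicator; an assertion in row0mysql.cc without it, or
    any other InnoDB assertion, still deserves a ticket because every one of
    them aborts mysqld.
    """
    findings: List[Finding] = []
    ready_seen = False
    for n, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        if "Failing assertion" in line and ASSERTION_EXPR in line:
            findings.append(Finding(n, "cve_signature", line))
        elif "Assertion failure" in line and ASSERTION_FILE in line:
            findings.append(Finding(n, "row0mysql_assertion", line))
        elif "Assertion failure" in line:
            findings.append(Finding(n, "other_assertion", line))
        elif "ready for connections" in line:
            # The first banner is normal startup; every later one means the
            # service came back after going down.
            if ready_seen:
                findings.append(Finding(n, "restart", line))
            ready_seen = True
    return findings


def triage_host(version_text: str, error_log: Iterable[str]) -> dict:
    """Combine both checks into one record for an inventory sheet or SIEM."""
    kinds = [f.kind for f in scan_error_log(error_log)]
    return {
        "version": parse_mariadb_version(version_text),
        "in_advisory_range": is_affected_version(version_text),
        "cve_signature_hits": kinds.count("cve_signature"),
        "assertion_crashes": sum(k.endswith("assertion") for k in kinds),
        "restarts": kinds.count("restart"),
    }


# Constructed sample in the shape of a MariaDB error log on a Windows/XAMPP
# host: one assertion crash followed by a restart. Not a real crash record.
SAMPLE_VERSION_BANNER = (
    "mysqld  Ver 10.4.32-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)"
)
SAMPLE_ERROR_LOG = [
    "2024-03-01  8:12:40 0 [Note] C:\\xampp\\mysql\\bin\\mysqld.exe: ready for connections.",
    "Version: '10.4.32-MariaDB'  socket: ''  port: 3306  mariadb.org binary distribution",
    "2024-03-01  9:03:17 0x2a4c  InnoDB: Assertion failure in file /row/row0mysql.cc line 1812",
    "InnoDB: Failing assertion: node->pcur->rel_pos == BTR_PCUR_ON",
    "InnoDB: We intentionally generate a memory trap.",
    "2024-03-01  9:05:02 0 [Note] C:\\xampp\\mysql\\bin\\mysqld.exe: ready for connections.",
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage_host(SAMPLE_VERSION_BANNER, SAMPLE_ERROR_LOG), indent=2))
```

On a real MES PC, feed `triage_host()` the output of `mysqld --version` (or `SELECT VERSION()`) and the contents of the MariaDB error log under the XAMPP data directory; a non-zero `cve_signature_hits` on a host still inside the advisory range is the case to escalate first. Because the vendor fix is a replacement bundle rather than a named MariaDB patch level, `in_advisory_range` is a prioritization hint, not proof of exposure; the authoritative check is whether Factory Control Panel has replaced XAMPP on the host.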

Evidence notes

Primary evidence comes from the CISA CSAF source item and the linked official references. The corpus ties CVE-2022-27448 to a MariaDB assertion failure in /row/row0mysql.cc and lists Festo Didactic SE MES PC as the affected product. The remediation entry states that Factory Control Panel is the replacement for XAMPP on MES PCs and includes fixes. The corpus does not provide exploit code, a weaponized reproduction path, or threat-actor reporting, so this debrief is limited to the documented availability impact and the vendor-recommended mitigation. Note also that the CVE text describes a MariaDB component while the advisory product is MES PC; the corpus does not spell out which MES PC builds or XAMPP bundles ship the affected MariaDB release, so deployment-specific validation requires manual review.

Official resources

CVE published 2024-02-27; CISA source republication/modification history shows updates through 2026-01-27. The vendor remediation date in the corpus is 2023-05-26, and it should be treated as the fix availability date, not the CVE issue or