PatchSiren cyber security CVE debrief

CVE-2022-27451 Festo Didactic SE CVE debrief

CVE-2022-27451 is a high-severity availability issue: a segmentation fault in MariaDB Server, in the sql/field_conv.cc component. Festo Didactic SE's MES PC advisory republishes it as an industrial control systems advisory mapped to MES PC, with Festo recommending that XAMPP be replaced with Factory Control Panel. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) describes a network-reachable denial of service; no confidentiality or integrity impact is scored.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Administrators, engineers, and support teams responsible for Festo Didactic SE MES PC deployments should review this advisory, especially where the affected environment uses the vulnerable MariaDB/XAMPP stack referenced in the source material. OT/ICS defenders should also treat this as an availability-focused issue and verify any dependent training, lab, or control-support systems.

Technical summary

The source corpus describes a segmentation fault in MariaDB Server v10.9 and below, reached through the sql/field_conv.cc component. The associated CVSS vector rates the issue as network-exploitable, low-complexity, requiring no privileges or user interaction, and producing high availability impact only. In the Festo advisory, remediation centers on moving MES PCs from XAMPP to Factory Control Panel, which Festo says includes fixes for the vulnerability set referenced by the advisory.

Defensive priority

High for any exposed or operationally important MES PC deployment, because the issue is remotely reachable and can take down the affected service. Priority is especially elevated where downtime would disrupt industrial training, lab operations, or other availability-sensitive functions.

Recommended defensive actions

  • Identify MES PC systems covered by the Festo advisory and confirm whether they are using the vulnerable MariaDB/XAMPP-related stack described in the source.
  • Obtain and deploy the current Factory Control Panel version from Festo technical support as recommended in the advisory.
  • Plan a maintenance window and verify whether a restart is required for the vulnerable component after remediation.
  • Validate that MES PC functionality remains intact after the update or replacement and confirm the vulnerable component is no longer in use.
  • Apply CISA ICS defense-in-depth and recommended-practices guidance to reduce the impact of availability-focused failures.
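The first action above asks whether a given MES PC is still running a MariaDB build in the advisory's affected range. The script below is an added example for this debrief, not code from Festo, MariaDB or CISA: it takes the version strings you would collect from each host (the output of SELECT VERSION() or mysqld --version) and flags those whose major.minor is 10.9 or lower, which is the only range the source states. The hostnames and version strings are constructed samples. Note the edge cases a naive string comparison gets wrong: 10.11 is newer than 10.9 although it sorts lower as text, and a MySQL build or an unparseable string must be reported for manual review rather than silently treated as safe. Because the advisory names no fixed MariaDB version, the result is a triage filter, not a patch-level verdict.

```python
"""Flag MariaDB server versions that fall in the '10.9 and below' range
named in the CVE-2022-27451 advisory text.

Added example for this debrief; not Festo, MariaDB or CISA code. The
version strings and hostnames below are constructed placeholders. The
only fact taken from the advisory is the affected range 'MariaDB Server
v10.9 and below'; treating every 10.9.x build as in range is an
assumption, since the source names no fixed version.
"""
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# Affected range as stated in the advisory text: major.minor of 10.9 or lower.
AFFECTED_MAX = (10, 9)

# Leading numeric version, e.g. '10.9.3' from '10.9.3-MariaDB'.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


class VersionCheck(NamedTuple):
    host: str
    raw: str
    is_mariadb: bool
    version: Optional[Tuple[int, int, int]]
    affected: Optional[bool]  # None when the string could not be classified


def parse_version(raw: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) parsed numerically from a server version
    string. Numeric comparison matters: (10, 11) > (10, 9), whereas the text
    '10.11' sorts before '10.9'."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(raw: str) -> Optional[bool]:
    """True when the string is a MariaDB version at or below 10.9.x.
    Non-MariaDB builds (e.g. MySQL) and unparseable strings return None so
    they are surfaced for manual review rather than assumed safe."""
    if "mariadb" not in raw.lower():
        return None
    v = parse_version(raw)
    if v is None:
        return None
    return v[:2] <= AFFECTED_MAX


def check_inventory(records: Iterable[Tuple[str, str]]) -> List[VersionCheck]:
    """records: (host, version_string) pairs collected from each MES PC."""
    results = []
    for host, raw in records:
        results.append(
            VersionCheck(
                host=host,
                raw=raw,
                is_mariadb="mariadb" in raw.lower(),
                version=parse_version(raw),
                affected=is_affected(raw),
            )
        )
    return results


# Constructed sample inventory (hostnames and versions are placeholders).
SAMPLE_INVENTORY = [
    ("mes-pc-01.example", "10.4.28-MariaDB"),
    ("mes-pc-02.example", "10.9.3-MariaDB"),
    ("mes-pc-03.example", "10.11.2-MariaDB-1:10.11.2+maria~ubu2204"),
    ("mes-pc-04.example", "8.0.33"),  # MySQL build, not MariaDB
    ("mes-pc-05.example", "unknown"),  # collection failed on this host
]

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not affected", None: "review manually"}
    for r in check_inventory(SAMPLE_INVENTORY):
        print(f"{r.host:20} {r.raw:42} {labels[r.affected]}")
```

Run it against a file or spreadsheet export of host/version pairs in place of SAMPLE_INVENTORY; any host that comes back as "review manually" still needs a human to confirm what is actually installed, and a host reported "not affected" should still be checked against Festo's Factory Control Panel guidance, since the advisory's remediation is the replacement of the XAMPP stack rather than a MariaDB point release.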

Evidence notes

The source item is a CISA CSAF republication of the Festo Didactic SE MES PC advisory. The corpus explicitly states: 'MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.' The remediation section states that Festo Didactic released Factory Control Panel as a replacement for XAMPP on its MES PCs and instructs customers to contact technical support for the current version. Revision history shows the original advisory publication date as 2024-02-27, with later republication history on 2026-01-27. This debrief uses the CVE publication date from the supplied timeline.

Official resources

Public advisory publication date supplied by the corpus is 2024-02-27. The source record also shows a later CISA republication on 2026-01-27, which should not be treated as the original CVE date.