PatchSiren


CVE-2022-27452 Festo Didactic SE CVE debrief

According to the supplied advisory corpus, CVE-2022-27452 is a high-severity availability issue. The source record ties the finding to Festo Didactic SE MES PC and describes a segmentation fault in MariaDB Server v10.9 and below, in the component sql/item_cmpfunc.cc. The assigned CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a network-reachable denial-of-service condition with no confidentiality or integrity impact in the scoring provided. The advisory also states that Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and directs customers to vendor support for the current version containing fixes.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Operators and maintainers of Festo Didactic SE MES PC environments, especially sites that still rely on the affected XAMPP/MariaDB-based component stack, should treat this as a priority availability issue. Industrial control and training environments that depend on continuous MES PC uptime should also review exposure and update planning.

Technical summary

The source advisory describes a segmentation fault affecting MariaDB Server v10.9 and below, referenced through the component path sql/item_cmpfunc.cc. In the supplied CSAF record, the issue is associated with Festo Didactic SE MES PC and scored as CVSS 7.5 HIGH, with network attack vector, low complexity, no privileges, and no user interaction. The remediation entry says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and advises contacting technical support for the current version that includes fixes.

Defensive priority

High

Recommended defensive actions

  • Inventory Festo Didactic MES PC deployments and confirm whether the affected software stack is present.
  • Obtain the vendor-supplied Factory Control Panel replacement or current fixed version through Festo technical support.
  • Treat the issue as an availability risk: plan for service interruption, recovery, and maintenance windows before applying changes.
  • Verify any embedded MariaDB/XAMPP components are updated or replaced according to vendor guidance.
  • Restrict network access to MES PC management services and segment industrial systems to reduce exposure.
  • Monitor affected hosts for unexpected crashes or restarts and review logs for repeated segmentation faults.
  • Document the remediation path and confirm post-update stability before returning systems to normal operation.
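
One way to carry out the log-review action above, as an added example that is not part of the source advisory or any vendor tooling: it scans a MariaDB error log for crash-handler lines and reports bursts of repeated crashes inside a time window. The crash-line wording, the timestamp formats and the sample log are assumptions constructed for illustration; confirm them against the error log on your own hosts.

```python
import re
from datetime import datetime, timedelta

# Assumed crash-handler wording; confirm against your own MariaDB error log.
# POSIX builds report "signal 11", Windows (XAMPP) builds "exception 0xc0000005".
CRASH_RE = re.compile(r"\[ERROR\] mysqld got (signal 11|exception 0xc0000005)", re.I)
# Timestamps appear as "YYYY-MM-DD HH:MM:SS" or the short "YYMMDD HH:MM:SS".
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}|\d{6})\s+(\d{1,2}:\d{2}:\d{2})")

# Constructed sample error log, not taken from a real MES PC.
SAMPLE_LOG = """\
2024-03-01 08:00:01 0 [Note] mysqld: ready for connections.
240301 08:14:22 [ERROR] mysqld got exception 0xc0000005 ;
2024-03-01 08:14:40 0 [Note] mysqld: ready for connections.
240301 08:17:05 [ERROR] mysqld got exception 0xc0000005 ;
2024-03-01 08:17:21 0 [Note] mysqld: ready for connections.
240301 08:21:48 [ERROR] mysqld got exception 0xc0000005 ;
2024-03-01 14:02:10 0 [Warning] Aborted connection 12 to db: 'mes'
240302 09:30:00 [ERROR] mysqld got signal 11 ;
""".splitlines()

def parse_ts(line):
    """Parse the leading timestamp of a log line, or return None."""
    m = TS_RE.match(line)
    if not m:
        return None
    date, clock = m.groups()
    fmt = "%Y-%m-%d %H:%M:%S" if "-" in date else "%y%m%d %H:%M:%S"
    return datetime.strptime(f"{date} {clock}", fmt)

def find_crash_bursts(lines, threshold=3, window=timedelta(minutes=10)):
    """Return (crash_times, bursts); each burst is (first, last, count)."""
    # Crash lines without a parseable timestamp are skipped.
    crashes = sorted(ts for ln in lines if CRASH_RE.search(ln) and (ts := parse_ts(ln)))
    spans, start = [], 0
    for end, ts in enumerate(crashes):
        while ts - crashes[start] > window:   # slide the window's left edge
            start += 1
        if end - start + 1 >= threshold:
            if spans and spans[-1][1] >= start:
                spans[-1][1] = end            # overlaps previous burst: extend it
            else:
                spans.append([start, end])
    return crashes, [(crashes[a], crashes[b], b - a + 1) for a, b in spans]

if __name__ == "__main__":
    all_crashes, bursts = find_crash_bursts(SAMPLE_LOG)
    print(f"{len(all_crashes)} crash(es) seen")
    for first, last, count in bursts:
        print(f"ALERT: {count} crashes between {first} and {last}")
```

A single crash is recorded but only a burst raises an alert; tune `threshold` and `window` to the restart behaviour of the service on the host.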

Evidence notes

This debrief is based only on the supplied CISA CSAF source item and the listed official references. The advisory metadata identifies the record as ICSA-26-027-02 / CVE-2022-27452, published 2024-02-27 and republished with later revisions. The source description explicitly states: 'MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.' The remediation section states that Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and instructs customers to contact [email protected] for the current fixed version. No KEV entry or ransomware linkage is present in the supplied corpus.

Official resources

The supplied advisory corpus indicates an initial publication date of 2024-02-27 and a later CISA republication on 2026-01-27. This debrief uses the published CVE/advisory dates from the source record for timing context and does not infer a