PatchSiren cyber security CVE debrief
CVE-2022-27455 Festo Didactic SE CVE debrief
CVE-2022-27455 is a high-severity use-after-free issue associated with MariaDB Server v10.6.3 and below, identified in CISA’s advisory for Festo Didactic SE MES PC. The supplied advisory data ties the affected environment to MES PC systems and recommends moving to the Factory Control Panel replacement that includes fixes. The published CVSS vector indicates a network-reachable, no-privileges, no-user-interaction availability impact, so operators should treat this as a service-disruption risk rather than a confidentiality or integrity issue.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Festo Didactic SE MES PC administrators, OT/ICS operators, plant engineers, and security teams responsible for systems that include the affected MariaDB-based component or the Factory Control Panel/XAMPP replacement path.
Technical summary
The source describes a use-after-free in MariaDB Server v10.6.3 and below, specifically in my_wildcmp_8bit_impl within /strings/ctype-simple.c. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: the issue is reachable over the network, needs no privileges or user interaction, and affects availability only (no confidentiality or integrity impact is scored). The advisory’s CWE reference is CWE-416 (Use After Free). In the advisory context, Festo Didactic SE MES PC is the affected product family, and the remediation points to Factory Control Panel as the replacement path with fixes.
Defensive priority
High. The vulnerability is network-exploitable wherever the MariaDB listener is reachable beyond the MES PC itself, and it can cause high availability impact, so it should be prioritized for environments that still rely on the affected MES PC software stack. The score reflects the generic CVSS assessment; exposure of the database port on the plant network is what turns it into a practical service-disruption risk.
Recommended defensive actions
- Inventory Festo Didactic SE MES PC deployments and determine whether the affected MariaDB-based component is present.
- Apply the vendor-provided replacement path: obtain the current Factory Control Panel version from Festo technical support as directed in the advisory.
- Plan maintenance windows and verify service restart requirements before changing vulnerable components.
- Follow CISA ICS recommended practices to segment OT assets, limit unnecessary network exposure, and reduce blast radius while remediation is underway.
- Validate the updated system after replacement and confirm the vulnerable component is no longer in use.
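The inventory and validation steps above both reduce to one question per host: does the MariaDB build fall in the range the advisory names? The following is an added example, not code from Festo, CISA, or MariaDB. It applies the advisory wording ("MariaDB Server v10.6.3 and below") literally as a tuple comparison, refuses to score non-MariaDB banners, and optionally probes the local server binary. The host names, banners, and the `probe_local_server` usage are constructed assumptions; on an XAMPP install you would pass the full path of the bundled `mysqld.exe`.

```python
"""Added example for the inventory and validation steps above. It is not code
from Festo, CISA, or MariaDB; it applies the advisory's stated range
("MariaDB Server v10.6.3 and below") literally to version banners."""
import re
import shutil
import subprocess
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Upper bound of the affected range, taken from the advisory text.
LAST_AFFECTED: Version = (10, 6, 3)

# First dotted triple in a banner, e.g. the "10.6.3" in
# "mysqld  Ver 10.6.3-MariaDB for Win64 on AMD64" or in "10.4.22-MariaDB".
_TRIPLE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_mariadb_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a `mysqld --version`,
    `mariadbd --version` or `SELECT VERSION()` banner.

    Returns None unless the banner identifies itself as MariaDB, so a
    plain MySQL build is never scored against a MariaDB-only advisory."""
    if "mariadb" not in banner.lower():
        return None
    m = _TRIPLE.search(banner)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True when the build is 10.6.3 or below. Tuple comparison keeps
    10.6.12 above 10.6.3, which a plain string compare would get wrong."""
    return version <= LAST_AFFECTED


def assess_banner(banner: str) -> str:
    """Classify one banner as 'affected', 'not-affected' or 'unknown'."""
    version = parse_mariadb_version(banner)
    if version is None:
        return "unknown"  # not a MariaDB banner: check the host by hand
    return "affected" if is_affected(version) else "not-affected"


def assess_inventory(banners: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> status for an inventory of collected banners."""
    return {host: assess_banner(banner) for host, banner in banners.items()}


def probe_local_server(binary: str = "mysqld") -> Optional[str]:
    """Run `<binary> --version` if the binary is on PATH (or given as a full
    path, e.g. the mysqld.exe under an XAMPP tree) and return the banner,
    or None when it cannot be run. Assumed usage, not advisory content."""
    exe = shutil.which(binary)
    if exe is None:
        return None
    try:
        out = subprocess.run([exe, "--version"], capture_output=True,
                             text=True, timeout=15, check=False)
    except (OSError, subprocess.SubprocessError):
        return None
    return out.stdout.strip() or None


# Constructed sample inventory (not real hosts or real collected output).
SAMPLE_INVENTORY = {
    "mes-pc-01": "mysqld  Ver 10.6.3-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)",
    "mes-pc-02": "mariadb  Ver 15.1 Distrib 10.4.22-MariaDB, for Win64 (AMD64)",
    "mes-pc-03": "10.6.12-MariaDB",
    "mes-pc-04": "mysqld  Ver 8.0.32 for Win64 on x86_64 (MySQL Community Server - GPL)",
}

if __name__ == "__main__":
    local = probe_local_server()
    if local:
        print(f"local server: {assess_banner(local)} ({local})")
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Run it on the collected banners before the replacement to build the remediation list, and again afterwards: every host that still returns `affected` has not actually left the vulnerable component behind, whatever the change ticket says. An `unknown` result means the banner was not a MariaDB build and needs a manual look rather than a pass.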
Evidence notes
The advisory source is CISA’s CSAF item for CVE-2022-27455, published 2024-02-27 and last updated 2026-01-27 in a later revision of the advisory. The source description states: “MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.” The remediations section says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and directs customers to contact technical support for the current version. No KEV entry or in-the-wild ransomware use is provided in the supplied corpus.
Official resources
- CVE-2022-27455 CVE record (CVE.org)
- CVE-2022-27455 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory only. The supplied corpus does not indicate KEV listing, confirmed active exploitation, or ransomware campaign use. Timing should be read from the CVE/advisory publication dates in the source data, not from the later source-