PatchSiren cyber security CVE debrief

CVE-2022-27457 Festo Didactic SE CVE debrief

CVE-2022-27457 is a high-severity use-after-free reported in MariaDB Server v10.6.3 and below, specifically in my_mb_wc_latin1 within /strings/ctype-latin1.c. In the supplied CISA CSAF advisory, the issue is associated with Festo Didactic SE MES PC, and the vendor remediation is to move from XAMPP to the current Factory Control Panel version that includes fixes. The source item was first published on 2024-02-27 and later republished on 2026-01-27; that later date is a document revision, not the original issue date.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Festo Didactic MES PC operators, OT/ICS administrators, and support teams responsible for systems that still rely on the affected MariaDB/XAMPP-based stack.

Technical summary

The supplied record describes a CWE-416 use-after-free in MariaDB Server v10.6.3 and below, at my_mb_wc_latin1 in /strings/ctype-latin1.c. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable condition with high availability impact and no listed confidentiality or integrity impact. The corpus does not provide exploitation details beyond this classification.

Defensive priority

High. The score is 7.5 and the CVSS vector indicates no privileges or user interaction, so affected deployments should be prioritized for remediation. There is no KEV listing or threat-campaign attribution in the supplied source corpus, so this is urgent from a patch-management perspective rather than an emergency exploit-response event.

Recommended defensive actions

  • Confirm whether any MES PC deployments still use the affected MariaDB/XAMPP-based configuration.
  • Obtain and deploy the current Festo Factory Control Panel version from Festo technical support, as the advisory says it replaces XAMPP and includes fixes.
  • Plan maintenance for the vulnerable component, including any required restart or service reload.
  • Limit exposure of affected OT/ICS systems and follow CISA ICS recommended practices for segmentation and defense in depth.
  • Validate the remediation on a test system and verify the updated version is actually in place before returning the system to service.
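As an added illustration of the first and last actions above (example code, not PatchSiren's, Festo's or MariaDB's own), the following Python script applies the advisory's "v10.6.3 and below" bound to version banners gathered from hosts. It assumes you have already collected `mysqld --version` or `SELECT VERSION()` output from each MES PC; the hostnames and banners in it are constructed samples.

```python
"""Version-bound check for the MariaDB build behind a MES PC / XAMPP stack."""
import re
from typing import Dict, Optional, Tuple

# "MariaDB Server v10.6.3 and below" is the bound quoted in the advisory;
# it is applied literally here (any release <= 10.6.3 is flagged).
AFFECTED_MAX = (10, 6, 3)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_mariadb_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return (major, minor, patch) from a MariaDB version banner.

    Handles both `SELECT VERSION()` output ("10.6.3-MariaDB") and the
    `mysqld --version` line ("mysqld  Ver 10.6.3-MariaDB for Win64 ...").
    Returns None for non-MariaDB banners (e.g. MySQL), which are out of scope.
    """
    if "mariadb" not in banner.lower():
        return None
    m = _VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(banner: str) -> Optional[bool]:
    """True if the banner is at or below the advisory bound, None if unknown."""
    v = parse_mariadb_version(banner)
    return None if v is None else v <= AFFECTED_MAX


def triage(banners: Dict[str, str]) -> Dict[str, str]:
    """Map each host to a verdict so the list can feed a maintenance plan."""
    labels = {True: "AFFECTED", False: "patched", None: "unknown/not MariaDB"}
    return {host: labels[is_affected(b)] for host, b in banners.items()}


# Constructed sample banners standing in for `mysqld --version` output
# collected from several hosts; hostnames are placeholders.
SAMPLE_BANNERS = {
    "mes-pc-01": "mysqld  Ver 10.4.21-MariaDB for Win64 on AMD64 (mariadb.org binary distribution)",
    "mes-pc-02": "10.6.3-MariaDB",
    "mes-pc-03": "10.6.4-MariaDB-log",
    "hmi-db-01": "mysqld  Ver 8.0.33 for Linux on x86_64 (MySQL Community Server - GPL)",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "unknown/not MariaDB" still need a manual look, since a missing or non-MariaDB banner does not prove the XAMPP stack is gone.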

Evidence notes

This debrief is constrained to the supplied CISA CSAF advisory and the linked official references. The advisory text ties the vulnerability description to MariaDB Server v10.6.3 and below, while the product context is Festo Didactic SE MES PC; that scope should be read from the advisory rather than inferred beyond the corpus. The source item shows initial publication on 2024-02-27 and a later CISA republication on 2026-01-27. No KEV entry, ransomware association, or exploit code is present in the supplied material.

Official resources

Publicly disclosed in the CISA CSAF advisory on 2024-02-27 and later republished on 2026-01-27. The supplied corpus does not indicate KEV inclusion, known ransomware use, or active exploitation details.