PatchSiren


CVE-2022-31626 Festo Didactic SE CVE debrief

CVE-2022-31626 is a high-severity buffer overflow in PHP's pdo_mysql extension when it is built on the mysqlnd driver, affecting PHP 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7. The overflow occurs in the PHP process itself, on the database-client side of the connection: when a third party can supply both the connection host and the password, an excessively long password can overflow a buffer during the connection attempt. The supplied CISA CSAF advisory for Festo Didactic SE MES PC describes this as a potential path to remote code execution. Festo's remediation guidance points users to a replacement Factory Control Panel version that includes fixes.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: 8.8 (High)
CISA KEV: not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Operators and administrators of Festo Didactic SE MES PC deployments, especially where the PHP stack (XAMPP today, Factory Control Panel after migration) runs pdo_mysql on the mysqlnd driver; application owners whose software lets users or integrations supply database host and password values, since that is the trust path the advisory describes; and anyone running the affected PHP versions in an ICS or industrial software context.

Technical summary

The supplied advisory states that PHP versions below 7.4.30 (7.4.x), 8.0.20 (8.0.x) and 8.1.7 (8.1.x) are affected when pdo_mysql uses mysqlnd and a third party can provide the connection host and password. Under those conditions, an excessively long password can trigger a buffer overflow inside the PHP process. Both parameters matter for the attack model: controlling the host lets the attacker choose which server PHP connects to, and controlling the password gives them the oversized input that overflows the client-side buffer, so the exposed surface is any feature that accepts connection settings from users or external systems (setup wizards, "test connection" forms, integration endpoints). The cited CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8 High): network-reachable, low attack complexity, low privileges required (consistent with an authenticated application user rather than an anonymous one), no user interaction, and high confidentiality, integrity and availability impact on the PHP host. The Festo CSAF remediation says Factory Control Panel replaces XAMPP on MES PCs and includes fixes; contact Festo technical support for the current version.
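The following is an added illustration of the precondition above, written for this debrief; it is not Festo's code and not code from the PHP project. The request shape, the host labels, the `DB_HOSTS` allowlist and the 128-byte limit are assumptions chosen for the example. The first function shows the pattern that hands an attacker both the host and the password; the second shows the same connection made through an operator-controlled allowlist with the credential bounded before it reaches mysqlnd.

```php
<?php
// Added illustration of the CVE-2022-31626 precondition (example code, not
// Festo or PHP project code). Request shape, host labels and limits are assumptions.
declare(strict_types=1);

// Dangerous pattern: a "test database connection" feature that builds the DSN
// from request-supplied values. The caller picks both the server PHP connects
// to and the password PHP sends during the MySQL handshake, which is exactly
// the condition under which the advisory describes the overflow.
function connectUntrusted(array $request): PDO
{
    $dsn = sprintf('mysql:host=%s;port=%d;dbname=%s',
        $request['host'], (int) $request['port'], $request['dbname']);
    return new PDO($dsn, $request['user'], $request['password']);
}

// Hardened pattern: the network target comes from an operator-controlled
// allowlist keyed by a short label, and every credential field is bounded and
// shape-checked in PHP before anything reaches the mysqlnd client code.
const DB_HOSTS = [                       // assumed site-specific allowlist
    'mes-primary' => ['host' => 'mes-db.internal',  'port' => 3306],
    'mes-replica' => ['host' => 'mes-db2.internal', 'port' => 3306],
];
const MAX_PASSWORD_BYTES = 128;          // assumed site policy; far above any real credential

function connectHardened(string $hostLabel, string $user, string $password, string $dbname): PDO
{
    if (!array_key_exists($hostLabel, DB_HOSTS)) {
        throw new InvalidArgumentException("unknown database host label '$hostLabel'");
    }
    // strlen() counts bytes, which is the quantity that matters for a client-side buffer.
    if (strlen($password) > MAX_PASSWORD_BYTES) {
        throw new InvalidArgumentException('password exceeds ' . MAX_PASSWORD_BYTES . ' bytes');
    }
    foreach (['user' => $user, 'dbname' => $dbname] as $field => $value) {
        if (!preg_match('/^[A-Za-z0-9_]{1,64}$/', $value)) {
            throw new InvalidArgumentException("$field is malformed");
        }
    }
    $target = DB_HOSTS[$hostLabel];
    $dsn = sprintf('mysql:host=%s;port=%d;dbname=%s', $target['host'], $target['port'], $dbname);
    return new PDO($dsn, $user, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// Demonstration without a database: both constructed inputs are rejected by the
// guards before PDO is constructed, so no network connection is attempted.
$attempts = [
    ['attacker-host', 'app', 'pw', 'mes'],                  // host not on the allowlist
    ['mes-primary',   'app', str_repeat('A', 4096), 'mes'], // excessively long password
];
foreach ($attempts as [$label, $user, $pw, $db]) {
    try {
        connectHardened($label, $user, $pw, $db);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The allowlist is the important half: capping the password length removes the overflowing input, but only the host restriction stops an attacker from pointing the PHP process at a server they control in the first place. Length limits are a defence-in-depth measure, not a substitute for upgrading PHP.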

Defensive priority

Immediate. Prioritize this if your MES PC environment runs an affected PHP build with pdo_mysql on mysqlnd, or if any application on it accepts database connection parameters from users or external systems, because the advisory describes a potential remote code execution path. A build that is already at or past the fixed versions, or whose pdo_mysql is not built on mysqlnd, falls outside the stated condition, but the XAMPP-to-Factory Control Panel migration should still be confirmed with Festo.

Recommended defensive actions

  • Identify whether any MES PC or related application uses PHP versions below 7.4.30, 8.0.20, or 8.1.7 with pdo_mysql and the mysqlnd driver.
  • Review any code or workflows that let third parties supply database host or password values; remove that trust path where possible.
  • Upgrade to a fixed PHP release (7.4.30, 8.0.20 or 8.1.7, or a later release on the same branch) or deploy the vendor-provided Factory Control Panel version noted in the Festo remediation guidance.
  • If your MES PC currently uses XAMPP, validate migration to the replacement Factory Control Panel and confirm the fixed version from Festo support.
  • Apply strict input validation and length controls for connection parameters, and avoid accepting untrusted connection details from external parties.
  • After remediation, retest the MES PC application path that establishes database connections to confirm the fixed version behaves as expected.
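The first and last steps above (identify affected builds, retest after remediation) can be scripted. The check below is an added example written for this debrief, not Festo's tooling and not PHP project code; run it with the same PHP binary the MES PC application uses, before and after the upgrade. The classifier encodes the three fixed releases from the advisory; the mysqlnd detection assumes the text-mode `phpinfo()` layout in which the `pdo_mysql` section reports `Client API version => mysqlnd ...` for mysqlnd builds.

```php
<?php
// Added exposure check for CVE-2022-31626 (example code, not Festo or PHP
// project code). Run with the PHP binary the MES PC application actually uses,
// e.g. `php check_cve_2022_31626.php`; exit status 1 means exposed.
declare(strict_types=1);

// Fixed releases from the advisory. Branches not listed here get 'review':
// 7.3 and older never received the fix, and 8.2+ shipped after it, so neither
// should be silently classified by a version comparison alone.
const FIXED_IN = ['7.4' => '7.4.30', '8.0' => '8.0.20', '8.1' => '8.1.7'];

// Classifies a PHP version string as 'vulnerable', 'fixed' or 'review'.
function versionStatus(string $version): string
{
    $parts = explode('.', $version);
    if (count($parts) < 3) {
        return 'review';
    }
    $branch = $parts[0] . '.' . $parts[1];
    if (!isset(FIXED_IN[$branch])) {
        return 'review';
    }
    return version_compare($version, FIXED_IN[$branch], '<') ? 'vulnerable' : 'fixed';
}

// pdo_mysql is only affected when built against mysqlnd. In the phpinfo()
// module listing the pdo_mysql section reports "Client API version => mysqlnd ..."
// for mysqlnd builds and a libmysqlclient version string otherwise (assumption:
// text-mode output as produced by the CLI SAPI). Returns false when pdo_mysql is
// not loaded at all, and null when the driver cannot be determined.
function pdoMysqlUsesMysqlnd(): ?bool
{
    if (!extension_loaded('pdo_mysql')) {
        return false;
    }
    ob_start();
    phpinfo(INFO_MODULES);
    $info = (string) ob_get_clean();
    // Anchor on the pdo_mysql section header so the mysqli section, which has its
    // own client version line, cannot produce a false positive.
    if (!preg_match('/^pdo_mysql\s*$.*?^Client API version\s*=>\s*(\S+)/ms', $info, $m)) {
        return null;
    }
    return stripos($m[1], 'mysqlnd') === 0;
}

// Combines both conditions from the advisory: vulnerable version AND mysqlnd.
function exposure(string $version, ?bool $mysqlnd): string
{
    $status = versionStatus($version);
    if ($status === 'vulnerable' && $mysqlnd === true) {
        return 'exposed';
    }
    if ($status === 'review' || $mysqlnd === null) {
        return 'review';
    }
    return 'not exposed';
}

// Self-check of the classifier on constructed version strings before reporting.
$samples = ['7.4.29' => 'vulnerable', '7.4.30' => 'fixed', '8.0.19' => 'vulnerable',
            '8.1.7' => 'fixed', '8.1.2-1ubuntu2.14' => 'vulnerable', '8.2.0' => 'review'];
foreach ($samples as $v => $want) {
    if (versionStatus($v) !== $want) {
        fwrite(STDERR, "classifier self-check failed for $v\n");
        exit(2);
    }
}

$mysqlnd = pdoMysqlUsesMysqlnd();
$result  = exposure(PHP_VERSION, $mysqlnd);
printf("PHP %s (%s); pdo_mysql via mysqlnd: %s; CVE-2022-31626: %s\n",
    PHP_VERSION, versionStatus(PHP_VERSION),
    $mysqlnd === null ? 'unknown' : ($mysqlnd ? 'yes' : 'no'),
    $result);
exit($result === 'exposed' ? 1 : 0);
```

Two caveats when reading the result. A distribution that backports the fix (common on Debian, Ubuntu and RHEL family builds) keeps the old version number, so a 'vulnerable' verdict on a vendor-packaged PHP should be confirmed against the package changelog rather than taken at face value. And 'not exposed' only means the pdo_mysql-on-mysqlnd condition in the advisory is not met on this build; it is not a reason to skip the Factory Control Panel migration Festo recommends.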

Evidence notes

All core claims come from the supplied CISA CSAF advisory metadata and description for ICSA-26-027-02 / CVE-2022-31626, plus the referenced Festo remediation note. The source data includes the affected PHP version thresholds, the pdo_mysql/mysqlnd condition, the excessive-password buffer overflow description, and the vendor guidance to obtain the current Factory Control Panel version from Festo support. No Known Exploited Vulnerabilities entry or ransomware linkage is present in the supplied corpus.

Official resources

Publicly disclosed in the supplied CISA CSAF advisory on 2024-02-27, with a later CISA republication recorded on 2026-01-27. No KEV publication date is provided in the supplied data.