PatchSiren cyber security CVE debrief

CVE-2022-31628 Festo Didactic SE CVE debrief

CVE-2022-31628 is a denial-of-service issue in the PHP PHAR uncompression logic. In affected PHP versions, a crafted gzip "quine" (a gzip stream whose decompressed output is identical to the stream itself) made the phar uncompressor decompress the same data again and again in an infinite loop. The CISA advisory ties the issue to Festo Didactic SE MES PC deployments and addresses it through a replacement Factory Control Panel release.

Vendor
Festo Didactic SE
Product
MES PC
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-02-27
Original CVE updated
2026-01-27
Advisory published
2024-02-27
Advisory updated
2026-01-27

Who should care

Administrators and support teams responsible for Festo Didactic SE MES PC systems, especially environments still using the older XAMPP-based software stack or bundled PHP components. Industrial and lab systems that cannot tolerate process hangs or local denial-of-service conditions should prioritize review.

Technical summary

The source advisory states that PHP versions before 7.4.31, 8.0.24, and 8.1.11 were affected by phar uncompressor behavior that could recursively uncompress gzip "quines," resulting in an infinite loop: the uncompressor checks the archive data for a compression header, decompresses it, and checks the result again, so input whose decompressed form is identical to its compressed form never reaches plain data. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and high availability impact. The CISA CSAF record associates the issue with Festo Didactic SE MES PC and notes that Factory Control Panel is the replacement for XAMPP on these MES PCs.
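The loop described above, shown as an added Python illustration that is not PHP's own phar code and does not reproduce the actual PHP patch. The vulnerable pattern decompresses for as long as the data still carries a gzip header; the hardened pattern is the same loop with a cap on the number of passes (MAX_PASSES is an assumed value). A real gzip quine cannot be embedded here, so nested gzip streams stand in for it: a quine behaves like infinitely many layers and would hit the cap.

```python
import gzip
from typing import Tuple

# Two-byte gzip magic number (RFC 1952); the phar uncompressor keys on this
# to decide whether the archive data needs another decompression pass.
GZIP_MAGIC = b"\x1f\x8b"

# Hypothetical cap on nested decompression passes for this illustration.
MAX_PASSES = 3


class UncompressDepthExceeded(Exception):
    """Raised when input is still gzip-compressed after max_passes rounds."""


def uncompress_unbounded(data: bytes) -> bytes:
    # Vulnerable pattern: keep decompressing while the result still looks
    # like gzip. A quine decompresses to itself, so this never terminates.
    while data.startswith(GZIP_MAGIC):
        data = gzip.decompress(data)
    return data


def uncompress_bounded(data: bytes, max_passes: int = MAX_PASSES) -> Tuple[bytes, int]:
    # Hardened pattern: same loop, but refuse input that has not reached
    # plain data after a fixed number of passes. A quine hits the cap and
    # is rejected instead of hanging the process.
    passes = 0
    while data.startswith(GZIP_MAGIC):
        if passes >= max_passes:
            raise UncompressDepthExceeded(
                f"still gzip-compressed after {max_passes} passes; refusing input"
            )
        data = gzip.decompress(data)
        passes += 1
    return data, passes


def is_rejected(data: bytes, max_passes: int = MAX_PASSES) -> bool:
    # True when the bounded uncompressor refuses the input.
    try:
        uncompress_bounded(data, max_passes)
    except UncompressDepthExceeded:
        return True
    return False


def nest_gzip(payload: bytes, layers: int) -> bytes:
    # Constructed test input: wrap the payload in `layers` gzip streams.
    # Nested gzip stands in for a quine; a real quine behaves like
    # infinitely many layers.
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload


if __name__ == "__main__":
    body, passes = uncompress_bounded(nest_gzip(b"phar stub", 3))
    print(body, passes)
    print("four layers rejected:", is_rejected(nest_gzip(b"phar stub", 4)))
```

The cap is the whole fix: without it the loop's termination depends on the attacker's input, and any decompressor that re-examines its own output for a compression header needs the same bound.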

Defensive priority

Medium. The issue is not rated critical and requires local access, but it can still cause a sustained hang or denial of service on affected systems. For MES PC deployments, confirm the vendor-provided replacement or updated build is in place rather than relying on vulnerable PHP components.

Recommended defensive actions

  • Confirm whether any MES PC systems still include affected PHP versions or older XAMPP-based software.
  • Obtain and deploy the current Factory Control Panel version from Festo technical support, as listed in the advisory remediation.
  • Validate that the environment no longer uses PHP versions earlier than 7.4.31, 8.0.24, or 8.1.11 where applicable.
  • Limit local access and privileged use on affected hosts to reduce exposure to local denial-of-service conditions.
  • Review systems for unexpected hangs or repeated process restarts that could indicate availability impact from this class of issue.
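A version check that implements the first and third actions above, as an added Python example that is not Festo's or PHP's own tooling. It parses `php -v` output and compares the release against the fixed minimums the advisory lists for each affected branch. The sample `php -v` line is constructed, the default binary path is an assumption, and the handling of branches older than 7.4 (treated as vulnerable because no fixed release is listed for them) is an assumption stated in the code.

```python
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release on each affected branch, as stated in the advisory.
FIXED_MINIMUMS = {
    (7, 4): (7, 4, 31),
    (8, 0): (8, 0, 24),
    (8, 1): (8, 1, 11),
}

VERSION_RE = re.compile(r"PHP (\d+)\.(\d+)\.(\d+)")


def parse_php_version(php_v_output: str) -> Optional[Version]:
    # Extract the release number from `php -v` output; None if absent.
    match = VERSION_RE.search(php_v_output)
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def php_version_status(version: Version) -> str:
    # Classify a release against the advisory's fixed minimums.
    branch = version[:2]
    if branch in FIXED_MINIMUMS:
        return "fixed" if version >= FIXED_MINIMUMS[branch] else "vulnerable"
    if branch < (7, 4):
        # Assumption: branches older than 7.4 received no fixed release,
        # so an XAMPP bundle still shipping one is treated as vulnerable.
        return "vulnerable (unsupported branch, no fix listed)"
    # 8.2 and later shipped after the fixed releases and are outside the
    # affected range stated in the advisory.
    return "not affected"


def status_from_php_binary(php_path: str = "php") -> str:
    # Query the local interpreter. php_path is an assumed default; point it
    # at the bundled XAMPP binary when that is the one the MES PC runs.
    try:
        result = subprocess.run(
            [php_path, "-v"], capture_output=True, text=True, check=False
        )
    except OSError:
        return "php binary not found"
    version = parse_php_version(result.stdout)
    if version is None:
        return "could not parse php -v output"
    return php_version_status(version)


# Constructed sample of a `php -v` first line from an XAMPP-style bundle.
SAMPLE_PHP_V = "PHP 8.1.10 (cli) (NTS Visual C++ 2019 x64)\n"


if __name__ == "__main__":
    sample_version = parse_php_version(SAMPLE_PHP_V)
    print(sample_version, php_version_status(sample_version))
    print("local interpreter:", status_from_php_binary())
```

Run it on each MES PC host against the bundled interpreter rather than whatever `php` resolves to on PATH; a vulnerable result confirms the Factory Control Panel replacement is still outstanding on that host.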

Evidence notes

All substantive claims here are drawn from the supplied CISA CSAF source item and its referenced official records. The advisory description identifies the PHP PHAR recursive uncompression infinite loop, the CVSS vector indicates local availability-only impact, and the remediation states that Festo released Factory Control Panel as a replacement for XAMPP on MES PCs. No KEV listing is present in the supplied corpus.

Official resources

The supplied advisory record was published on 2024-02-27, with later source revisions captured in the metadata. The vendor remediation noted in the corpus is dated 2023-05-26, and the issue was republished by CISA in the provided source set.