PatchSiren cyber security CVE debrief

CVE-2022-31629 Festo Didactic SE CVE debrief

CVE-2022-31629 affects PHP versions before 7.4.31, 8.0.24, and 8.1.11 and is mapped in the supplied advisory corpus to Festo Didactic SE MES PC. The issue can let a network or same-site attacker set a standard insecure cookie that PHP applications treat as a __Host- or __Secure- cookie, which can undermine application integrity and session handling. The advisory data cites a vendor replacement path for MES PCs and lists a current Factory Control Panel release as the fix path. The CVE was published on 2024-02-27, and CISA republished the advisory on 2026-01-27.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

MES PC operators and administrators, OT/industrial environments running Festo Didactic software components, and security teams responsible for browser-based authentication, session integrity, and PHP-backed web applications.

Technical summary

The supplied source describes a cookie confusion issue in affected PHP releases: an attacker on the network or same site can cause a browser to store a standard insecure cookie that PHP applications then interpret as if it carried the __Host- or __Secure- prefix, even though the browser never applied the prefix rules (Secure flag, Path=/, no Domain attribute) to it. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating remote reach, low attack complexity, no privileges required, user interaction required, and an impact on integrity only. In the provided CSAF advisory, Festo Didactic links remediation to a Factory Control Panel replacement for XAMPP on MES PCs and names PHP 7.4.31, 8.0.24, and 8.1.11 as the first upstream releases that contain the fix.
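As an added illustration (not code from the page, the advisory, or PHP itself), the following Python simulation models the cookie-name handling behind this flaw: the legacy PHP rewrite of incoming request-variable names, which replaces '.' and ' ' with '_' before a name reaches $_COOKIE, so a plain cookie whose name used dots in place of the prefix underscores was read back under the protected key, shown next to the behaviour of the fixed releases, which drop such names. The mangling detail is taken from the upstream PHP fix rather than from the supplied advisory; the percent-decoding and whitespace trimming here are simplifications of PHP's parser.

```python
from urllib.parse import unquote

PROTECTED_PREFIXES = ("__Host-", "__Secure-")


def mangle_name(raw_name: str) -> str:
    """Emulate the legacy PHP rewrite of request-variable names: '.' and ' '
    become '_' before the value is stored in $_COOKIE (simplified model)."""
    return raw_name.replace(".", "_").replace(" ", "_")


def parse_cookie_header(header: str, patched: bool) -> dict:
    """Build a $_COOKIE-like dict from a raw Cookie request header.

    patched=False: legacy behaviour, the mangled name is used as the key, so a
    cookie that differs from a protected name only by '.' versus '_' lands
    under the protected key although the browser never enforced prefix rules.
    patched=True: a name that starts with __Host-/__Secure- only because of
    mangling is discarded (modelled on the fixed PHP releases).
    """
    cookies = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        raw_name, raw_value = part.split("=", 1)
        raw_name = unquote(raw_name.strip())  # percent-decode, trim whitespace
        name = mangle_name(raw_name)
        forged_prefix = (name.startswith(PROTECTED_PREFIXES)
                         and not raw_name.startswith(PROTECTED_PREFIXES))
        if patched and forged_prefix:
            continue  # drop: the browser never treated this cookie as prefixed
        cookies[name] = unquote(raw_value.strip())
    return cookies


def colliding_names(header: str) -> list:
    """Defender-side check for proxy or application logs: raw cookie names that
    the legacy mangling would turn into a __Host-/__Secure- key."""
    found = []
    for part in header.split(";"):
        if "=" not in part:
            continue
        raw_name = unquote(part.split("=", 1)[0].strip())
        if (mangle_name(raw_name).startswith(PROTECTED_PREFIXES)
                and not raw_name.startswith(PROTECTED_PREFIXES)):
            found.append(raw_name)
    return found


if __name__ == "__main__":
    # Constructed sample header: a plain (non-Secure) cookie planted with dots
    # where the protected prefix has underscores, alongside a harmless cookie.
    sample = "..Host-session=attacker-controlled; theme=dark"
    print(parse_cookie_header(sample, patched=False))  # key __Host-session present
    print(parse_cookie_header(sample, patched=True))   # only theme survives
    print(colliding_names(sample))
```

Running `colliding_names` over captured Cookie headers is a cheap way to spot requests that probe this behaviour while MES PCs are still awaiting the vendor update.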

Defensive priority

Medium. The issue is remotely reachable and undermines the trust applications place in __Host- and __Secure- cookie semantics, but exploitation requires user interaction and the supplied rating is an integrity impact only, with no confidentiality or availability loss.

Recommended defensive actions

  • Upgrade to the current Factory Control Panel release provided by Festo Didactic, using the vendor support contact listed in the advisory.
  • Inventory MES PCs and any bundled PHP/XAMPP components, then verify PHP is at least 7.4.31, 8.0.24, or 8.1.11 for its release branch (7.4, 8.0, or 8.1 respectively), or an equivalent vendor-fixed build.
  • Review applications that rely on __Host- or __Secure- cookie behavior and confirm session and cookie assumptions still hold after patching.
  • Prioritize remediation on systems that expose browser-based authentication or operator workflows.
  • Track the linked Festo and CISA advisory pages for any follow-up guidance or updated remediation notes.
  • Restart the vulnerable component if required by the vendor update process.

Evidence notes

The debrief is based only on the supplied CSAF advisory corpus and linked official records. The source metadata records initial publication on 2024-02-27 and a CISA republication on 2026-01-27; that later date is a modification/republication timestamp, not the original vulnerability date. The corpus also includes a vendor_fix entry dated 2023-05-26 and maps the issue to Festo Didactic SE MES PC with a high-confidence product association.

Official resources

Published in the supplied record on 2024-02-27 and republished by CISA on 2026-01-27. The advisory corpus contains no KEV listing and no ransomware-campaign attribution.