PatchSiren

CVE-2022-32082 Festo Didactic SE CVE debrief

CVE-2022-32082 is a high-severity denial-of-service issue described in a CISA advisory for Festo Didactic SE MES PC. The source notes an assertion failure in MariaDB v10.5 through v10.7, which can affect availability rather than confidentiality or integrity. Festo’s remediation guidance points operators to a replacement Factory Control Panel package for MES PCs.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Operators of Festo Didactic SE MES PC systems, OT/ICS administrators, and support teams responsible for the bundled MariaDB/XAMPP environment should care most.

Technical summary

The advisory content links CVE-2022-32082 to an assertion failure at `table->get_ref_count() == 0` in `dict0dict.cc` affecting MariaDB v10.5 to v10.7. The published CVSS vector is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`, which describes a network-reachable condition that requires no privileges or user interaction and whose impact is limited to availability (denial of service). The source remediation states that Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs.

Defensive priority

High

Recommended defensive actions

  • Identify MES PC deployments that use the affected MariaDB/XAMPP-based stack or the older Factory Control Panel components mentioned in the advisory.
  • Obtain and deploy the current Factory Control Panel package from Festo Didactic technical support as directed in the remediation guidance.
  • Plan updates during a maintenance window and verify service restart requirements for the vulnerable component.
  • Confirm the fixed package is installed on all applicable MES PCs and document version status.
  • Monitor affected systems for unexpected application crashes or restart loops until remediation is complete.
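
The identification and monitoring steps above can be supported by a log check. The following is an added example, not code from the advisory or from Festo Didactic: it reads a MariaDB error log, reports whether the server version falls in the 10.5 to 10.7 range, and counts occurrences of the assertion named in the advisory. The function name, the sample log lines, the version 10.5.15 and the `line 0` placeholder are constructed for illustration; the log layout is assumed to be MariaDB's standard error-log format.

```python
import re

# Strings taken from the advisory text for CVE-2022-32082.
ASSERTION = "table->get_ref_count() == 0"
SOURCE_FILE = "dict0dict.cc"
AFFECTED_SERIES = {(10, 5), (10, 6), (10, 7)}  # "MariaDB v10.5 to v10.7"

# Startup banner the server writes to its error log on every start.
BANNER = re.compile(r"Version: '(\d+)\.(\d+)\.(\d+)-MariaDB")


def triage_error_log(text):
    """Summarise one MariaDB error log (hypothetical helper)."""
    versions, starts, hits = set(), 0, 0
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = BANNER.search(line)
        if m:
            starts += 1
            versions.add(tuple(int(g) for g in m.groups()))
        # InnoDB names the source file on one line and the failing
        # expression on a following line, so look a few lines ahead.
        elif "Assertion failure" in line and SOURCE_FILE in line:
            if any(ASSERTION in nxt for nxt in lines[i + 1:i + 4]):
                hits += 1
    return {
        "versions": [".".join(map(str, v)) for v in sorted(versions)],
        "affected_series": any(v[:2] in AFFECTED_SERIES for v in versions),
        "assertion_hits": hits,
        "server_starts": starts,
        "repeated_crashes": hits >= 2,  # same assertion seen more than once
    }


# Constructed sample log: two starts, each followed by the assertion.
SAMPLE_LOG = """\
2024-03-01  8:00:01 0 [Note] mysqld.exe: ready for connections.
Version: '10.5.15-MariaDB'  socket: ''  port: 3306  mariadb.org binary distribution
2024-03-01  8:14:22 0x1a2c  InnoDB: Assertion failure in file dict0dict.cc line 0
InnoDB: Failing assertion: table->get_ref_count() == 0
2024-03-01  8:14:40 0 [Note] mysqld.exe: ready for connections.
Version: '10.5.15-MariaDB'  socket: ''  port: 3306  mariadb.org binary distribution
2024-03-01  8:31:05 0x2b10  InnoDB: Assertion failure in file dict0dict.cc line 0
InnoDB: Failing assertion: table->get_ref_count() == 0
"""

if __name__ == "__main__":
    print(triage_error_log(SAMPLE_LOG))
```

A result with `affected_series` true belongs on the remediation inventory even when `assertion_hits` is zero, since the absence of a crash in the log does not show the package has been replaced.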

Evidence notes

The source advisory for Festo Didactic SE MES PC states: 'MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.' The remediation field says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and directs customers to technical support for the current version. The advisory metadata includes CVSS 3.1 vector `AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`, consistent with a network-reachable availability impact. Published date in the source corpus is 2024-02-27, with a later CISA republication on 2026-01-27.

Official resources

Public advisory material for CVE-2022-32082 was published on 2024-02-27. The source corpus shows a later CISA republication on 2026-01-27; that date reflects advisory republication, not the original vulnerability issue date.