PatchSiren cyber security CVE debrief
CVE-2022-32083 Festo Didactic SE CVE debrief
CVE-2022-32083 describes a segmentation fault in MariaDB (v10.2 through v10.6.1) that can affect Festo Didactic SE MES PC deployments. The supplied advisory ties the issue to a high-availability-impact condition rather than data theft or tampering, and it recommends moving to the vendor-provided Factory Control Panel replacement that includes fixes.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Organizations running Festo Didactic SE MES PC, especially environments that expose or rely on the bundled database stack. OT/ICS operators, system administrators, and defenders responsible for service continuity should prioritize validation and remediation.
Technical summary
The advisory text identifies a crash condition in MariaDB's Item_subselect::init_expr_cache_tracker path. In the supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), the primary risk is remote availability loss: an unauthenticated network-originated condition can trigger a segmentation fault and disrupt the affected service. The source corpus associates the issue with Festo Didactic SE MES PC and states that Factory Control Panel is the replacement product containing fixes.
Defensive priority
High. The issue is network-reachable in the supplied CVSS vector and impacts availability only, which can still be operationally significant for MES/OT deployments. Prioritize if MES PC is deployed in production or if service outage would affect training, monitoring, or control workflows.
Recommended defensive actions
- Inventory all Festo Didactic SE MES PC installations and confirm whether they use the affected MariaDB-based component path.
- Contact Festo technical support at [email protected] to obtain the current Factory Control Panel version referenced in the advisory.
- Upgrade or replace vulnerable deployments with the vendor-provided Factory Control Panel build that includes the fixes.
- Restrict network exposure to the affected service and segment OT/ICS systems to reduce reachability.
- Monitor affected systems for unexpected crashes, restarts, or service interruptions until remediation is complete.
- Verify backups and recovery procedures so a crash-driven outage can be restored quickly.
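A triage sketch for the inventory and monitoring actions above, added here as an example and not taken from the advisory or from Festo: it checks a MariaDB version string against the range quoted on this page and flags crash reports whose backtrace names init_expr_cache_tracker. The "got signal" error-log wording, the inclusive reading of the version range, and the sample log lines are assumptions.

```python
import re

# Affected range as quoted on this page: "MariaDB v10.2 to v10.6.1".
# Assumption: bounds are inclusive; per-branch fixed releases are not modelled.
AFFECTED_MIN, AFFECTED_MAX = (10, 2, 0), (10, 6, 1)
# Function name from the advisory; a substring match also hits mangled frames.
CRASH_FRAME = "init_expr_cache_tracker"

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-MariaDB")
SIGNAL_RE = re.compile(r"got signal (\d+)")


def in_affected_range(version):
    """True if a (major, minor, patch) tuple falls inside the stated range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def triage_error_log(lines):
    """Summarise server version and crash reports found in error-log lines."""
    version, crashes = None, []
    for line in lines:
        found = VERSION_RE.search(line)
        if found:
            version = tuple(int(part) for part in found.groups())
        signal = SIGNAL_RE.search(line)
        if signal:
            # A new crash report starts here; later frames attach to it.
            crashes.append({"signal": int(signal.group(1)), "cve_frame": False})
        elif crashes and CRASH_FRAME in line:
            crashes[-1]["cve_frame"] = True
    return {
        "version": version,
        "in_affected_range": version is not None and in_affected_range(version),
        "crashes": crashes,
        "suspect_crashes": sum(1 for c in crashes if c["cve_frame"]),
    }


# Constructed sample log (not taken from a real system or from the advisory).
SAMPLE_LOG = """\
2024-03-01 08:00:01 0 [Note] mysqld: ready for connections.
Version: '10.5.9-MariaDB'  socket: '/run/mysqld/mysqld.sock'  port: 3306
240301  9:14:22 [ERROR] mysqld got signal 11 ;
Server version: 10.5.9-MariaDB
sql/item_subselect.cc(Item_subselect::init_expr_cache_tracker(THD*))[0x55d0c0ffee00]
2024-03-01 09:14:30 0 [Note] mysqld: ready for connections.
Version: '10.5.9-MariaDB'  socket: '/run/mysqld/mysqld.sock'  port: 3306
240301 11:02:47 [ERROR] mysqld got signal 6 ;
Server version: 10.5.9-MariaDB
""".splitlines()

if __name__ == "__main__":
    print(triage_error_log(SAMPLE_LOG))
```

A crash counted under `suspect_crashes` on a host reported as in range is a candidate for this CVE; crashes without the frame still warrant review but point elsewhere.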
Evidence notes
The source corpus is a CISA CSAF advisory (ICSA-26-027-02) republished from a Festo advisory and published on 2024-02-27, with a later republication on 2026-01-27. The advisory description states: 'MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.' The vendor/product context in the supplied source maps the issue to Festo Didactic SE MES PC, and the remediation notes name Factory Control Panel as the replacement product that includes fixes. No KEV listing is present in the supplied enrichment.
Official resources
- CVE-2022-32083 CVE record (CVE.org)
- CVE-2022-32083 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied CISA CSAF advisory on 2024-02-27; the record was later republished/modified on 2026-01-27. No KEV entry is present in the supplied data.