PatchSiren cyber security CVE debrief
CVE-2022-32084 Festo Didactic SE CVE debrief
CVE-2022-32084 is a high-severity availability issue tied in the CISA CSAF advisory to Festo Didactic SE’s MES PC environment. The source description says MariaDB v10.2 through v10.7 can hit a segmentation fault via sub_select, which can lead to service interruption. CISA’s remediation notes point to a replacement Factory Control Panel for XAMPP-based MES PCs.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Operators and maintainers of Festo Didactic SE MES PC deployments, especially industrial or training environments that rely on the affected software stack. OT teams should also care if MES PCs are exposed to untrusted networks or support production-adjacent workflows where a crash would disrupt operations.
Technical summary
The advisory content links CVE-2022-32084 to a MariaDB segmentation fault condition in versions 10.2 through 10.7, triggered through the sub_select component. The published CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, so the documented impact is denial of service / availability loss rather than confidentiality or integrity compromise. In the CSAF record, the issue is associated with Festo Didactic SE’s MES PC product tree, and the remediation identifies a replacement Factory Control Panel for XAMPP on MES PCs.
Defensive priority
High. Treat this as a production-stability issue: even without evidence of code execution or data theft, a remotely reachable crash in an MES-adjacent environment can interrupt services and downstream workflows.
Recommended defensive actions
- Determine whether any Festo Didactic SE MES PC instances still use the affected XAMPP/MariaDB stack referenced by the advisory.
- Obtain and deploy the current Factory Control Panel version from Festo support, as the remediation notes state it includes fixes for these vulnerabilities.
- Prioritize update validation on systems that are network-reachable or operationally critical, since the documented impact is availability loss.
- Monitor affected hosts for MariaDB or application crashes, restart loops, and other service instability indicators.
- Follow CISA ICS recommended practices and defense-in-depth guidance for segmentation, access control, and hardening of industrial systems.
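The inventory and monitoring actions above can be combined into one pass over a MariaDB error log. The following is an added example, not code from the advisory or from Festo: it flags server versions in the 10.2 to 10.7 series and detects repeated crashes in a short window. The log line shapes, the crash-marker strings, the thresholds and the names `triage` and `parse_ts` are assumptions to verify against the real log; matching is by release series only, because the page does not name fixed point releases.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modeled on MariaDB error-log lines from a Windows/XAMPP host.
SAMPLE_LOG = """\
2024-03-01  8:00:01 0 [Note] mysqld.exe (mysqld 10.4.24-MariaDB) starting as process 4120 ...
2024-03-01  8:00:03 0 [Note] mysqld.exe: ready for connections.
Version: '10.4.24-MariaDB'  socket: ''  port: 3306  mariadb.org binary distribution
240301  8:14:37 [ERROR] mysqld got exception 0xc0000005 ;
2024-03-01  8:15:10 0 [Note] mysqld.exe (mysqld 10.4.24-MariaDB) starting as process 5288 ...
240301  8:16:02 [ERROR] mysqld got exception 0xc0000005 ;
2024-03-01  8:16:40 0 [Note] mysqld.exe (mysqld 10.4.24-MariaDB) starting as process 6012 ...
240301  8:19:40 [ERROR] mysqld got exception 0xc0000005 ;
"""

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-MariaDB")
# Assumed crash-handler marker: "signal N" on Unix builds, "exception 0x..." on Windows.
CRASH_RE = re.compile(r"mysqld got (?:signal \d+|exception 0x[0-9a-fA-F]+)")
# Accepts both "2024-03-01  8:00:01" and the short "240301  8:14:37" timestamp forms.
TS_RE = re.compile(r"(\d{4}|\d{2})-?(\d\d)-?(\d\d)\s+(\d{1,2}):(\d\d):(\d\d)")

def parse_ts(line):
    m = TS_RE.match(line)
    if not m:
        return None
    y, mo, d, h, mi, s = map(int, m.groups())
    return datetime(y + 2000 if y < 100 else y, mo, d, h, mi, s)

def triage(log_text, window=timedelta(minutes=10), loop_threshold=3):
    versions, crash_times, crash_count = set(), [], 0
    for line in log_text.splitlines():
        v = VERSION_RE.search(line)
        if v:
            versions.add(tuple(int(x) for x in v.groups()))
        if CRASH_RE.search(line):
            crash_count += 1
            ts = parse_ts(line)
            if ts:
                crash_times.append(ts)
    crash_times.sort()
    # Series-level match against the advisory's "10.2 to 10.7" range.
    in_range = sorted(v for v in versions if (10, 2) <= v[:2] <= (10, 7))
    # Restart loop: loop_threshold crashes inside any window-sized span.
    loop = any(crash_times[i + loop_threshold - 1] - crash_times[i] <= window
               for i in range(len(crash_times) - loop_threshold + 1))
    return {"versions_in_advisory_range": in_range,
            "crash_count": crash_count, "restart_loop": loop}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A crash marker alone does not identify this CVE; treat a hit as a prompt to confirm the installed version and schedule the Factory Control Panel update.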
Evidence notes
The source item is the CISA CSAF advisory ICSA-26-027-02, first published on 2024-02-27 and later revised/republished through 2026-01-27. The advisory metadata lists Festo Didactic SE and MES PC as the mapped vendor/product, while the description states: “MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.” The remediation field states that Festo Didactic has released Factory Control Panel as a replacement for XAMPP on MES PCs and directs customers to technical support for the current version. No KEV listing is indicated in the supplied record.
Official resources
- CVE-2022-32084 CVE record (CVE.org)
- CVE-2022-32084 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA’s CSAF record shows an initial publication date of 2024-02-27 and later modifications/republication through 2026-01-27. The supplied source does not indicate KEV inclusion or known ransomware use.