PatchSiren


CVE-2022-32087 Festo Didactic SE CVE debrief

CVE-2022-32087 is described in the supplied advisory corpus as a segmentation fault in MariaDB’s Item_args::walk_args, with CVSS 7.5 and a high impact to availability. The source record ties the CVE to Festo Didactic SE MES PC and points to a vendor replacement release for affected deployments.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Operators and maintainers of Festo Didactic SE MES PC systems, especially where the referenced Factory Control Panel / bundled MariaDB component is present. ICS defenders responsible for service availability should also treat this as a priority if the affected stack is deployed.

Technical summary

The advisory text states that MariaDB v10.2 through v10.7 can trigger a segmentation fault in Item_args::walk_args. The supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a network-reachable issue requiring no privileges or user interaction, with no confidentiality or integrity impact but significant availability impact. In the provided source metadata, the CVE is associated with Festo Didactic SE MES PC, and the remediation guidance points to a replacement Factory Control Panel release.

Defensive priority

High — prioritize validation and upgrade planning for any affected MES PC deployment because the issue is remotely reachable and can disrupt availability.

Recommended defensive actions

  • Verify whether your MES PC deployment contains the affected MariaDB component or the referenced Factory Control Panel stack.
  • Obtain and deploy the current Factory Control Panel version from Festo technical support as directed in the advisory source.
  • Plan maintenance around the remediation, since the source indicates a restart is required for the vulnerable component.
  • If immediate upgrading is not possible, reduce exposure of the affected system and monitor for service crashes or instability.
  • Use the linked CISA and vendor advisory pages to confirm the exact affected product scope before making change plans.
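
For the first action above, one way to triage collected version strings against the v10.2 to v10.7 range this page cites. This is an added example, not code from the advisory or from Festo; the host names and banners are constructed, and matching on major.minor only is an assumption because the page gives no patch-level fixed versions.

```python
import re

# Affected range as stated on this page: MariaDB v10.2 through v10.7.
AFFECTED_MAJOR = 10
AFFECTED_MINORS = range(2, 8)

# MariaDB 10.x prefixes its protocol handshake version with "5.5.5-" for
# replication compatibility, so a banner may read "5.5.5-10.4.12-MariaDB".
_VERSION_RE = re.compile(
    r"(?<![\d.])(?:5\.5\.5-)?(\d+)\.(\d+)\.(\d+)-MariaDB", re.IGNORECASE
)


def parse_mariadb_version(banner):
    """Return (major, minor, patch) from a MariaDB version string, else None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def in_affected_range(banner):
    """True/False for a MariaDB banner; None if not MariaDB or unparseable."""
    version = parse_mariadb_version(banner)
    if version is None:
        return None
    major, minor, _patch = version
    return major == AFFECTED_MAJOR and minor in AFFECTED_MINORS


def triage(inventory):
    """Map each host to 'in-range', 'out-of-range' or 'unknown'."""
    labels = {True: "in-range", False: "out-of-range", None: "unknown"}
    return {host: labels[in_affected_range(b)] for host, b in inventory.items()}


# Constructed sample inventory (hypothetical hosts): output of
# `mysqld --version`, `SELECT VERSION()`, or a captured handshake banner.
SAMPLE_INVENTORY = {
    "mes-pc-01": "mysqld.exe  Ver 10.5.15-MariaDB for Win64 on AMD64",
    "mes-pc-02": "5.5.5-10.4.12-MariaDB",
    "mes-pc-03": "10.11.6-MariaDB-log",
    "mes-pc-04": "5.5.68-MariaDB",
    "mes-pc-05": "8.0.32",  # not a MariaDB banner
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

An "in-range" result only means the bundled MariaDB falls in the cited version range; product scope still has to be confirmed against the CISA and vendor advisory pages.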

Evidence notes

This debrief is based only on the supplied CISA CSAF source item (ICSA-26-027-02), the linked Festo advisory reference, and the official CVE record. The corpus says the vulnerability is a MariaDB segmentation fault in Item_args::walk_args affecting v10.2 to v10.7, and it associates the CVE with Festo Didactic SE MES PC. The source package also contains a product/description mismatch, so product attribution should be validated against the official advisory pages before actioning. Timing context used here is the CVE published date of 2024-02-27 and the CISA republication on 2026-01-27; the remediation entry dated 2023-05-26 should be read as fix availability in the source, not as the vulnerability date.

Official resources

The CVE was published on 2024-02-27. CISA republished the advisory on 2026-01-27. The source remediation entry is dated 2023-05-26 and reflects vendor fix availability in the corpus, not the vulnerability discovery date.