PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-32088 Festo Didactic SE CVE debrief

CVE-2022-32088 is a high-severity availability issue mapped in CISA’s CSAF advisory for Festo Didactic SE MES PC. The advisory description states that MariaDB v10.2 through v10.7 can hit a segmentation fault in filesort-related execution paths, and the vendor remediation points users to Festo’s Factory Control Panel replacement for the older XAMPP-based setup on MES PCs.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Festo Didactic SE MES PC operators, OT/industrial environment administrators, and support teams responsible for systems that include the affected MariaDB/XAMPP component chain.

Technical summary

The source advisory links CVE-2022-32088 to a MariaDB segmentation fault affecting versions 10.2 through 10.7, with the described code paths being Exec_time_tracker::get_loops and Filesort_tracker::report_use/filesort. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates a network-reachable issue that requires no privileges or user interaction and results in availability loss only. In the Festo advisory context, the issue is associated with MES PC deployments and the recommended vendor fix is a replacement Factory Control Panel package that includes the relevant corrections.

Defensive priority

High. The issue is network-reachable and can cause service interruption, so it deserves prompt patching or replacement in production MES PC environments.

Recommended defensive actions

  • Inventory MES PC systems and identify any deployments still using the older XAMPP-based component stack referenced by the advisory.
  • Obtain and deploy the current Factory Control Panel from Festo technical support as directed in the remediation guidance.
  • Plan for a service restart or maintenance window during remediation, since the advisory flags restart requirements for the vulnerable component.
  • After updating, verify the affected service path is stable and monitor for unexpected crashes or availability degradation.
  • Apply OT network segmentation and exposure reduction around MES systems in line with CISA recommended practices.

Evidence notes

The CVE was published on 2024-02-27, and the supplied source history shows later advisory revisions and a 2026 republication date; those are advisory timeline events, not the issue date. The source corpus does not indicate KEV listing or known ransomware use. The advisory content ties a MariaDB segfault description to Festo Didactic SE MES PC remediation through a Factory Control Panel replacement, suggesting an embedded-component exposure rather than a standalone MariaDB product bulletin.

Official resources

Public advisory information indicates no KEV listing and no known ransomware campaign association in the supplied corpus. The advisory was initially published on 2024-02-27 and later republished/revised in the CISA CSAF history; the later 2