PatchSiren cyber security CVE debrief
CVE-2022-32089 Festo Didactic SE CVE debrief
CVE-2022-32089 is a high-severity availability issue in the supplied advisory corpus. The source item ties the CVE to Festo Didactic SE MES PC and states that MariaDB v10.5 through v10.7 can trigger a segmentation fault in st_select_lex_unit::exclude_level. Festo’s remediation is to replace XAMPP on MES PCs with the current Factory Control Panel release obtained through technical support.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Organizations running Festo Didactic MES PC deployments, especially administrators responsible for the underlying XAMPP/MariaDB stack and anyone maintaining production MES endpoints.
Technical summary
The supplied CSAF advisory metadata describes CVE-2022-32089 as a segmentation fault affecting MariaDB v10.5 to v10.7, with the crash occurring in st_select_lex_unit::exclude_level. The CVSS vector supplied with the advisory is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a remotely reachable, low-complexity denial-of-service condition with availability impact only. The advisory corpus associates the issue with Festo Didactic MES PC and recommends moving to Factory Control Panel as the replacement for XAMPP.
Defensive priority
High for affected MES PC environments, because the issue is network-reachable, requires no privileges or user interaction per the supplied CVSS vector, and can disrupt availability.
Recommended defensive actions
- Inventory MES PC systems and confirm whether the affected XAMPP/MariaDB stack is present.
- Obtain and deploy the current Factory Control Panel release through Festo technical support as the vendor-recommended replacement.
- Plan a maintenance window for replacement and any required restart of the vulnerable component.
- Verify that vulnerable MES PC services are no longer exposed where they are not operationally required.
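An added example for the inventory step above (not part of the advisory or of any Festo tooling): it classifies version strings, as returned by `SELECT VERSION()` or `mysqld --version`, against the MariaDB 10.5 to 10.7 range the advisory states. Host names and sample strings are constructed, and because the page gives no patch-level bounds, every 10.5.x to 10.7.x build is treated as affected.

```python
import re

# Affected range as stated in the advisory text: MariaDB v10.5 to v10.7.
# Assumption: no patch-level bounds are given, so all 10.5.x-10.7.x builds match.
AFFECTED_MIN = (10, 5)
AFFECTED_MAX = (10, 7)

# MariaDB 10.x prefixes "5.5.5-" to the handshake version for replication
# compatibility; strip it so the real version is the one that gets parsed.
_RPL_PREFIX = re.compile(r"^5\.5\.5-(?=\d+\.\d+\.\d+-MariaDB)", re.IGNORECASE)
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)-MariaDB", re.IGNORECASE)


def classify(version_string):
    """Return 'affected', 'not-affected' or 'not-mariadb' for one version string."""
    cleaned = _RPL_PREFIX.sub("", version_string.strip())
    match = _VERSION.search(cleaned)
    if match is None:
        return "not-mariadb"
    major_minor = (int(match.group(1)), int(match.group(2)))
    if AFFECTED_MIN <= major_minor <= AFFECTED_MAX:
        return "affected"
    return "not-affected"


def inventory(version_by_host):
    """Classify every host and return (per-host results, sorted affected hosts)."""
    results = {host: classify(v) for host, v in version_by_host.items()}
    affected = sorted(h for h, status in results.items() if status == "affected")
    return results, affected


# Constructed sample inventory; host names and version strings are hypothetical.
SAMPLE = {
    "mes-pc-01": "10.4.24-MariaDB",
    "mes-pc-02": "5.5.5-10.6.8-MariaDB",
    "mes-pc-03": "mysqld  Ver 10.5.15-MariaDB for Win64 on AMD64",
    "mes-pc-04": "10.11.6-MariaDB-log",
    "mes-pc-05": "8.0.33",
}

if __name__ == "__main__":
    results, affected = inventory(SAMPLE)
    for host in sorted(results):
        print(f"{host}: {results[host]}")
    print("Affected hosts:", ", ".join(affected) or "none")
```

Hosts reported as `not-mariadb` still need a manual check, since the string may come from a different database engine or an unexpected format.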
Evidence notes
The corpus provides a CISA CSAF republished advisory dated 2026-01-27 that points back to the original 2024-02-27 publication date. The advisory notes specifically say: 'MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.' The remediation field says Festo Didactic released Factory Control Panel as a replacement for XAMPP on MES PCs and directs customers to technical support for the current version. No exploitation details, proof-of-concept code, or incident reporting are included in the supplied source material. The provided enrichment does not list this CVE in KEV.
Official resources
- CVE-2022-32089 CVE record (CVE.org)
- CVE-2022-32089 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA CSAF republication dated 2026-01-27 of the original advisory content; this debrief uses the supplied CVE publishedAt value of 2024-02-27 as the issue date context. The supplied enrichment indicates the CVE is not KEV-listed.