PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-27522 Festo Didactic SE CVE debrief

CVE-2023-27522 is a high-severity HTTP response smuggling issue in Apache HTTP Server's mod_proxy_uwsgi path. The advisory says special characters in the origin response header can truncate or split the response forwarded to the client. CISA's CSAF advisory maps the issue to Festo Didactic SE's MES PC environment and points to a replacement product, Factory Control Panel, as the vendor remediation.

Vendor: Festo Didactic SE
Product: MES PC
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-27
Original CVE updated: 2026-01-27
Advisory published: 2024-02-27
Advisory updated: 2026-01-27

Who should care

Administrators and support teams responsible for Festo Didactic SE MES PC deployments, plus anyone running Apache HTTP Server 2.4.30 through 2.4.55 with mod_proxy_uwsgi enabled. Security teams should review exposed web front ends and any upstream proxy chains that depend on this module.

Technical summary

The vulnerable code path is mod_proxy_uwsgi in Apache HTTP Server. According to the advisory, special characters in an origin response header can cause the forwarded response to be truncated or split before it reaches the client. The affected Apache versions are 2.4.30 through 2.4.55. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, scoring 7.5.

Defensive priority

High. The issue is network-reachable, requires no privileges or user interaction, and is rated High by CVSS. Treat it as priority remediation for any affected Apache deployments and for MES PC systems that depend on the vulnerable stack.

Recommended defensive actions

  • Inventory Apache HTTP Server deployments and confirm whether mod_proxy_uwsgi is enabled on versions 2.4.30 through 2.4.55.
  • Apply the vendor-provided remediation path referenced in the advisory; for MES PCs, obtain the current Factory Control Panel version from Festo technical support.
  • Replace or upgrade affected components before re-exposing the service to users or upstream systems.
  • Validate reverse proxy and backend response handling after remediation to ensure the smuggling condition is no longer present.
  • Use CISA ICS recommended practices to reduce exposure and improve segmentation, monitoring, and change control around the affected service.
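The first action above, confirming the Apache version and whether mod_proxy_uwsgi is loaded, is easy to script. The following POSIX shell script is an added example, not part of the PatchSiren debrief or any Festo or Apache material. It parses the output of the real `httpd -v` and `httpd -M` flags (also available through `apache2ctl`), decides whether a host sits in the 2.4.30 through 2.4.55 range with proxy_uwsgi_module loaded, and is exercised here on constructed sample output so it runs offline; the function names and the AFFECTED/NOT_AFFECTED/UNKNOWN labels are this example's own choices.

```shell
#!/bin/sh
# Added example: inventory check for CVE-2023-27522 exposure.
# Assumes httpd or apache2ctl on PATH for the live check; the parsing
# functions below take text and can be fed captured output instead.

# version_in_range VERSION -> exit 0 when 2.4.30 <= VERSION <= 2.4.55
version_in_range() {
    ver="$1"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3)
    [ "$major" = "2" ] && [ "$minor" = "4" ] || return 1
    # Reject empty or non-numeric patch levels before arithmetic tests
    case "$patch" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$patch" -ge 30 ] && [ "$patch" -le 55 ]
}

# parse_httpd_version "Server version: Apache/2.4.52 (Unix)" -> prints 2.4.52
parse_httpd_version() {
    printf '%s\n' "$1" | sed -n 's/.*Apache\/\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# has_proxy_uwsgi MODULE_LIST -> exit 0 when proxy_uwsgi_module is loaded
has_proxy_uwsgi() {
    printf '%s\n' "$1" | grep -q 'proxy_uwsgi_module'
}

# assess VERSION_OUTPUT MODULE_OUTPUT -> prints AFFECTED, NOT_AFFECTED or UNKNOWN
assess() {
    ver=$(parse_httpd_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN"      # could not read a version string at all
        return 0
    fi
    if version_in_range "$ver" && has_proxy_uwsgi "$2"; then
        echo "AFFECTED"
    else
        echo "NOT_AFFECTED"
    fi
}

# Live check against the local Apache binary (httpd -v / httpd -M)
live_check() {
    bin=""
    for cand in httpd apache2ctl apachectl; do
        if command -v "$cand" >/dev/null 2>&1; then bin="$cand"; break; fi
    done
    [ -n "$bin" ] || { echo "no Apache binary found on PATH" >&2; return 2; }
    assess "$("$bin" -v 2>/dev/null)" "$("$bin" -M 2>/dev/null)"
}
```

Run `live_check` on each host in the inventory; a result of NOT_ALTERED is not a clean bill on its own, since a vendored or container-bundled Apache may not be on PATH, so pair this with package and image inventory. `UNKNOWN` means the version string could not be parsed and the host needs manual review rather than being marked safe.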

Evidence notes

Source evidence comes from the CISA CSAF advisory ICSA-26-027-02 and its referenced material. The advisory text states that the issue affects Apache HTTP Server 2.4.30 through 2.4.55 and that special characters in the origin response header can truncate or split the response forwarded to the client. The source also lists Festo Didactic SE MES PC as the affected product context and identifies Factory Control Panel as the remediation path. The CVSS vector supplied in the advisory is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Official resources

Public advisory context is the CISA republication of the Festo Didactic SE MES PC CSAF record on 2024-02-27, with later advisory revision history captured in the source metadata. No exploit code or weaponized reproduction details are included.