These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2023-27522 is a high-severity HTTP response smuggling issue in Apache HTTP Server's mod_proxy_uwsgi path. The advisory says special characters in the origin response header can truncate or split the response forwarded to the client. CISA's CSAF advisory maps the issue to Festo Didactic SE's MES PC environment and points to a replacement product, Factory Control Panel, as the vendor remediation.
CVE-2023-25727 is an authenticated cross-site scripting issue in phpMyAdmin’s drag-and-drop import flow. In the supplied advisory corpus, the CVE is associated with Festo Didactic SE MES PC deployments and a vendor replacement path for the affected XAMPP-based component. Organizations should treat this as a browser-side injection risk that can affect logged-in users who handle imports or administration tasks.
CVE-2023-25690 is a critical HTTP request smuggling issue in Apache HTTP Server 2.4.0 through 2.4.55 when mod_proxy is paired with certain RewriteRule or ProxyPassMatch configurations that reinsert user-controlled URL data into a proxied request-target. In the Festo Didactic MES PC advisory, the vendor points users to a fixed Factory Control Panel replacement for XAMPP and recommends moving to a patched v [truncated]
CVE-2023-0662 describes a denial-of-service condition in PHP where an excessive number of parts in an HTTP form upload can drive high resource consumption and excessive log generation. The result can be CPU exhaustion or disk-space exhaustion on affected servers; the supplied Festo/CISA advisory frames this issue in an MES PC context and points to a replacement Factory Control Panel release as the vendor [truncated]
CVE-2023-0568 is a high-severity PHP path-resolution flaw in which the core path-resolution function can allocate a buffer one byte too small. When a path length is close to the system MAXPATHLEN setting, the byte after the allocated buffer may be overwritten with a NUL value, which the advisory says could lead to unauthorized data access or modification. CISA’s CSAF record applies this CVE in the context of Festo Didact [truncated]
CVE-2023-0567 describes a PHP password verification weakness that can matter in Festo Didactic SE MES PC deployments when affected PHP versions and malformed Blowfish hashes are present. In PHP 8.0.x before 8.0.28, 8.1.x before 8.1.16, and 8.2.x before 8.2.3, password_verify() may accept some invalid Blowfish hashes as valid. If one of those invalid hashes is stored in a password database, an application [truncated]
CVE-2022-4900 is a medium-severity heap buffer overflow in PHP that can be triggered when the PHP_CLI_SERVER_WORKERS environment variable is set to a large value. In the CISA CSAF advisory, the issue is tied to Festo Didactic SE’s MES PC environment and the replacement Factory Control Panel for MES PCs. The published vector indicates availability impact only, with local attack conditions and low complexity.
CVE-2022-37436 affects Apache HTTP Server versions prior to 2.4.55 and was published by CISA in the Festo Didactic SE MES PC advisory on 2024-02-27. A malicious backend can cut response headers short, which can move some later headers into the response body. If those later headers were meant to provide security controls, the client will not interpret them. Festo’s remediation notes point operators to a Fa [truncated]
CVE-2022-36760 is a critical HTTP request smuggling issue in Apache HTTP Server’s mod_proxy_ajp component. The advisory states that inconsistent interpretation of HTTP requests can let an attacker smuggle requests to the AJP backend the proxy forwards to. In the CISA advisory context, the affected product is Festo Didactic SE MES PC. The vendor remediation points MES PC users to a replacement, Factory Con [truncated]
CVE-2022-32091 is a high-severity memory-safety issue described in CISA’s advisory materials for Festo Didactic SE MES PC. The source text says MariaDB v10.7 can hit a use-after-poison in __interceptor_memset, and the vendor remediation points MES PC users to Festo’s Factory Control Panel replacement for XAMPP. For defenders, the key question is whether any MES PC deployment still includes the affected Ma [truncated]
CVE-2022-32089 is a high-severity availability issue in the supplied advisory corpus. The source item ties the CVE to Festo Didactic SE MES PC and states that MariaDB v10.5 through v10.7 can trigger a segmentation fault in st_select_lex_unit::exclude_level. Festo’s remediation is to replace XAMPP on MES PCs with the current Factory Control Panel release obtained through technical support.
CVE-2022-32088 is a high-severity availability issue mapped in CISA’s CSAF advisory for Festo Didactic SE MES PC. The advisory description states that MariaDB v10.2 through v10.7 can hit a segmentation fault in filesort-related execution paths, and the vendor remediation points users to Festo’s Factory Control Panel replacement for the older XAMPP-based setup on MES PCs.
CVE-2022-32087 is described in the supplied advisory corpus as a segmentation fault in MariaDB’s Item_args::walk_args, with CVSS 7.5 and a high impact to availability. The source record ties the CVE to Festo Didactic SE MES PC and points to a vendor replacement release for affected deployments.
CVE-2022-32086 is published as a high-severity advisory tied in the source corpus to Festo Didactic SE MES PC. The advisory describes a segmentation fault condition and rates the issue as availability-only impact with a CVSS 3.1 score of 7.5. For defenders, the practical concern is service interruption on exposed or managed MES PC environments rather than data theft or integrity loss.
CVE-2022-32085 is a high-severity availability issue in the MariaDB component referenced by the Festo Didactic SE MES PC advisory. The reported fault can trigger a segmentation fault in Item_func_in::cleanup/Item::cleanup_processor, which can lead to denial of service. Festo states that its Factory Control Panel replacement for XAMPP on MES PCs includes fixes for the affected vulnerabilities.
CVE-2022-32084 is a high-severity availability issue tied in the CISA CSAF advisory to Festo Didactic SE’s MES PC environment. The source description says MariaDB v10.2 through v10.7 can hit a segmentation fault via sub_select, which can lead to service interruption. CISA’s remediation notes point to a replacement Factory Control Panel for XAMPP-based MES PCs.
CVE-2022-32083 describes a segmentation fault in MariaDB (v10.2 through v10.6.1) that can affect Festo Didactic SE MES PC deployments. The supplied advisory ties the issue to a high impact on availability rather than data theft or tampering, and it recommends moving to the vendor-provided Factory Control Panel replacement that includes fixes.
CVE-2022-32082 is a high-severity denial-of-service issue described in a CISA advisory for Festo Didactic SE MES PC. The source notes an assertion failure in MariaDB v10.5 through v10.7, which can affect availability rather than confidentiality or integrity. Festo’s remediation guidance points operators to a replacement Factory Control Panel package for MES PCs.
CVE-2022-32081 is a high-severity memory-corruption flaw described in the source advisory as a use-after-poison in MariaDB v10.4 through v10.7, specifically in prepare_inplace_add_virtual within /storage/innobase/handler/handler0alter.cc. In the supplied CISA CSAF record, this CVE appears in the context of Festo Didactic SE MES PC and a vendor replacement path that moves customers from XAMPP to Factory Co [truncated]
CVE-2022-31629 affects PHP versions before 7.4.31, 8.0.24, and 8.1.11 and is mapped in the supplied advisory corpus to Festo Didactic SE MES PC. The issue can let a network or same-site attacker set a standard insecure cookie that PHP applications treat as a __Host- or __Secure- cookie, which can undermine application integrity and session handling. The advisory data cites a vendor replacement path for ME [truncated]
CVE-2022-31628 is a denial-of-service issue in PHP PHAR uncompression logic. In affected PHP versions, specially structured gzip "quines" could trigger recursive uncompression and an infinite loop, which the advisory ties to Festo Didactic SE MES PC deployments and addresses through a replacement Factory Control Panel release.
CVE-2022-31626 is a high-severity PHP buffer overflow affecting pdo_mysql with the mysqlnd driver in PHP 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7. In the supplied CISA CSAF advisory for Festo Didactic SE MES PC, the issue is described as potentially leading to remote code execution when a third party can supply the connection host and password and the password is excessively long. Fes [truncated]
CVE-2022-31625 describes a memory-safety flaw in PHP’s PostgreSQL extension that can be triggered by invalid parameters in a parameterized query. In the supplied Festo MES PC advisory context, the issue is treated as high severity because it may lead to denial of service and, in the worst case, remote code execution. The affected PHP ranges are 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7 [truncated]
CVE-2022-27458 is a high-severity memory-safety issue tracked in the supplied CISA/CSAF advisory for Festo Didactic SE MES PC. The source describes a use-after-free in Binary_string::free_buffer() at /sql/sql_string.h and assigns a CVSS 3.1 base score of 7.5. The recommended mitigation in the advisory corpus is to use Factory Control Panel, which Festo states includes fixes for the affected vulnerabilities.
CVE-2022-27457 is a high-severity use-after-free reported in MariaDB Server v10.6.3 and below, specifically in my_mb_wc_latin1 within /strings/ctype-latin1.c. In the supplied CISA CSAF advisory, the issue is associated with Festo Didactic SE MES PC, and the vendor remediation is to move from XAMPP to the current Factory Control Panel version that includes fixes. The source item was first published on 2024 [truncated]
CVE-2022-27456 is a use-after-free in MariaDB Server v10.6.3 and below, identified in the advisory material for Festo Didactic SE MES PC. The advisory ties remediation to replacing the vulnerable XAMPP-based component with Factory Control Panel, and the published CVSS 3.1 vector indicates a network-reachable issue with no authentication required and high availability impact.
CVE-2022-27455 is a high-severity use-after-free issue associated with MariaDB Server v10.6.3 and below, identified in CISA’s advisory for Festo Didactic SE MES PC. The supplied advisory data ties the affected environment to MES PC systems and recommends moving to the Factory Control Panel replacement that includes fixes. The published CVSS vector indicates a network-reachable, no-privileges, no-user-inte [truncated]
CVE-2022-27452 is a high-severity availability issue in the supplied advisory corpus. The source record ties the finding to Festo Didactic SE MES PC and describes a segmentation fault in sql/item_cmpfunc.cc in MariaDB Server v10.9 and below. The assigned CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a network-reachable denial-of-service condition with no confidentiality or integrity impact [truncated]
CVE-2022-27451 is a high-severity availability issue associated with a MariaDB Server segmentation fault in the sql/field_conv.cc component. In the Festo Didactic SE MES PC advisory context, the issue is published as an industrial control systems advisory and mapped to MES PC, with Festo recommending replacement of XAMPP with Factory Control Panel. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) [truncated]
CISA’s CSAF advisory ICSA-26-027-02 ties CVE-2022-27449 to Festo Didactic SE MES PC and describes a segmentation fault in MariaDB Server v10.9 and below. The impact is availability-only (CVSS 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), so defenders should treat it as a network-reachable denial-of-service risk rather than a code-execution issue. Festo’s stated remediation is to move MES PCs to the current F [truncated]
CVE-2022-27448 is a high-severity availability issue associated in the supplied advisory corpus with Festo Didactic SE MES PC. The advisory text links the problem to an assertion failure in MariaDB Server v10.9 and below at /row/row0mysql.cc, which can cause the affected service to stop functioning. Festo’s remediation in the corpus points customers to a replacement Factory Control Panel release that incl [truncated]
CVE-2022-27447 is a high-severity use-after-free in MariaDB Server v10.9 and below, surfaced in a CISA CSAF advisory for Festo Didactic SE MES PC. The advisory’s remediation path points operators to Festo’s current Factory Control Panel release and associated support guidance, indicating the issue affects the bundled software stack used on those systems.
CVE-2022-27446 is a high-severity availability issue in the supplied advisory corpus. The published CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which means the primary concern is denial of service rather than data theft or tampering. The source corpus associates the CVE with a CISA CSAF advisory for Festo Didactic SE MES PC, while the advisory description states that MariaDB Server v10.9 and b [truncated]
CVE-2022-27445 is a high-severity denial-of-service issue with a CVSS 3.1 score of 7.5. The source advisory ties the CVE to Festo Didactic SE MES PC, while the CVE description says MariaDB Server v10.9 and below can hit a segmentation fault in sql/sql_window.cc. The main operational concern is loss of availability: affected systems may crash or become unavailable if exposed to the vulnerable condition.
CVE-2022-27444 is a high-severity availability issue referenced in a CISA CSAF advisory for Festo Didactic SE MES PC. The advisory text says MariaDB Server v10.9 and below can hit a segmentation fault in sql/item_subselect.cc, which can disrupt service availability. The supplied advisory corpus also points to Festo’s Factory Control Panel as the replacement path for XAMPP on affected MES PCs.
CVE-2022-27387 is a high-severity MariaDB issue affecting Festo Didactic SE MES PC environments that rely on MariaDB Server v10.7 and below. The advisory describes a global buffer overflow in decimal_bin_size that can be triggered by specially crafted SQL statements, with the primary security consequence being denial of service. CISA published the advisory on 2024-02-27 and later republished it on 2026-01 [truncated]
CVE-2022-27386 is presented in the supplied advisory corpus as a high-severity availability issue (CVSS 7.5) linked to Festo Didactic SE MES PC, with the vulnerability text stating that MariaDB Server v10.7 and below can hit a segmentation fault in sql/sql_class.cc. The available material focuses on defensive remediation: Festo Didactic states that Factory Control Panel replaced XAMPP on MES PCs and that [truncated]
CVE-2022-27385 is a high-severity availability issue described in the Festo Didactic SE MES PC advisory corpus. The source text ties the problem to the MariaDB-related component "Used_tables_and_const_cache::used_tables_and_const_cache_join" and states that specially crafted SQL statements can cause denial of service. The advisory’s remediation says Festo Didactic released Factory Control Panel as a repla [truncated]
CVE-2022-27384 is a network-reachable denial-of-service issue described in the Festo Didactic SE MES PC advisory material. The source description attributes the problem to MariaDB Server's Item_subselect::init_expr_cache_tracker path in v10.6 and below, where specially crafted SQL statements can disrupt availability. The CISA CSAF remediation guidance points affected MES PC users toward Festo's Factory Co [truncated]
According to the supplied advisory record, CVE-2022-27383 involves a use-after-free in MariaDB Server v10.6 and below, specifically in my_strcasecmp_8bit. The issue can be triggered with specially crafted SQL statements and is scored CVSS 7.5 (HIGH) because it can cause high availability impact without requiring privileges or user interaction. The source record is tied to a Festo Didactic SE MES PC adviso [truncated]
CVE-2022-27382 is a high-severity availability issue referenced in Festo Didactic SE MES PC advisory material. The source description says MariaDB Server v10.7 and below can hit a segmentation fault in Item_field::used_tables/update_depend_map_for_order, which can lead to service disruption rather than data theft or integrity loss. For MES PC operators, the practical concern is unplanned downtime in syste [truncated]
CVE-2022-27381 is a high-severity denial-of-service issue published in a CISA advisory for Festo Didactic SE MES PC. The source description says specially crafted SQL statements can trigger DoS through the MariaDB Server Field::set_default component in version 10.6 and below. The vendor guidance in the advisory points affected users to a fixed Factory Control Panel replacement for XAMPP on MES PCs.
CVE-2022-27380 is a high-severity denial-of-service issue referenced in the Festo Didactic SE MES PC advisory materials published through CISA. The source description says specially crafted SQL statements can trigger a DoS in a MariaDB component, and the remediation guidance points affected users to Factory Control Panel as the replacement for XAMPP. Because the supplied corpus mixes a Festo product advis [truncated]
CVE-2022-27379 is a denial-of-service vulnerability affecting the MariaDB Server component Arg_comparator::compare_real_fixed, described in the CISA CSAF advisory for Festo Didactic SE MES PC. The source metadata says specially crafted SQL statements can trigger the issue in MariaDB Server v10.6.2 and below. Because the CVSS vector is network-exploitable, requires no privileges, and has high availability [truncated]
CVE-2022-27378 is a high-severity denial-of-service issue referenced in a CISA CSAF advisory for Festo Didactic SE MES PC. The source record’s vulnerability text describes a MariaDB Server flaw involving specially crafted SQL statements, while the advisory remediation points MES PC users to a vendor replacement path.
CVE-2022-27377 is a high-severity use-after-free issue described in the Festo Didactic MES PC advisory corpus. The advisory text says MariaDB Server v10.6.3 and below is affected in Item_func_in::cleanup(), with exploitation possible via specially crafted SQL statements. Festo’s remediation guidance points to Factory Control Panel as a replacement for XAMPP on MES PCs and directs customers to obtain the c [truncated]
CVE-2022-27376 is a high-severity use-after-free in MariaDB's Item_args::walk_arg that can be triggered by specially crafted SQL statements. In the supplied CISA/Festo advisory context, it is tied to Festo Didactic SE MES PC deployments that used XAMPP; Festo's remediation is to move to Factory Control Panel, which the vendor says includes fixes.
CVE-2022-23808 is a medium-severity web injection issue tied to phpMyAdmin 5.1 before 5.1.2 and republished by CISA in a Festo Didactic SE MES PC advisory. The reported impact is that an attacker can inject malicious code into parts of the setup script, which can lead to XSS or HTML injection. For affected MES PC deployments, the vendor remediation referenced in the advisory is to move to Festo's Factory [truncated]
CVE-2022-23807 is a medium-severity authentication weakness tied in the supplied CISA/Festo advisory context to Festo Didactic SE MES PC. The advisory describes a phpMyAdmin issue where a valid user who is already authenticated can manipulate their account to bypass two-factor authentication on future login instances. The source remediation points to a replacement Factory Control Panel that includes fixes [truncated]
CVE-2022-21595 is a medium-severity Oracle MySQL Server vulnerability in the C API component that can lead to a hang or repeatable crash, resulting in denial of service. The source advisory ties it to Festo Didactic SE MES PC and says the replacement Factory Control Panel includes fixes. Exploitation is described as difficult and requires a high-privilege attacker with network access via multiple protocols.