Festo Didactic SE MES PC
Act Now · 9.8 · ICS-CERT ICSA-26-027-02 · Feb 27, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP, a bundle of open-source applications including Apache HTTP Server, MariaDB database, and related tools. The bundled XAMPP version contains approximately 140 known vulnerabilities across these applications. Festo Didactic has released Factory Control Panel as a replacement application that addresses these vulnerabilities. MES PCs currently in the field with unpatched XAMPP remain vulnerable to remote code execution, authentication bypass, database manipulation, and denial of service attacks.
What this means
What could happen
An attacker could exploit multiple vulnerabilities in the bundled XAMPP applications (Apache, MariaDB, etc.) on your MES PC to execute arbitrary code, bypass authentication, access or modify databases, or cause denial of service—potentially disrupting manufacturing training and control operations.
Who's at risk
Manufacturing training facilities and any organizations running Festo MES PCs with Windows 10 for process control or monitoring. The bundled XAMPP affects any workstations that depend on the Apache web server, MariaDB database, or other included components for training simulations or data management.
How it could be exploited
An attacker with network access to the MES PC (typically on the plant network) could target any of approximately 140 known vulnerabilities in the pre-installed XAMPP components. Attack vectors include malicious HTTP requests to Apache, SQL injection against MariaDB, and other application-level exploits. No authentication is required for most of these vulnerabilities.
Prerequisites
- Network access to the MES PC on the plant network
- MES PC running Windows 10 with original XAMPP installation
- No firewall rule restricting access to Apache (port 80/443) or MariaDB (port 3306)
remotely exploitable · no authentication required · low complexity · actively exploited (KEV) · very high EPSS score (94.1%) · affects multiple critical applications (Apache, MariaDB) · approximately 140 known vulnerabilities · default XAMPP configuration likely in use
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
MES PC shipped with Windows 10 | shipped with Windows 10 | No fix yet
Remediation & Mitigation
Do now
HOTFIX: Contact Festo Didactic technical support (services.didactic@festo.com) to obtain and deploy Factory Control Panel as a replacement for XAMPP
WORKAROUND: Isolate the MES PC from direct network access using a firewall rule blocking inbound traffic to ports 80, 443 (Apache), and 3306 (MariaDB) until Factory Control Panel is deployed
Long-term hardening
HARDENING: Implement network segmentation to place the MES PC on a separate VLAN with restricted access from other plant systems
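The firewall workaround above, as an added PowerShell example for the Windows 10 MES PC (not code from the advisory or from Festo Didactic). It assumes XAMPP's Apache runs as httpd.exe and MariaDB as mysqld.exe, and that it is run from an elevated session; it first records what is listening on the advisory's ports, then creates and verifies the inbound block rules.

```powershell
# Added example: block inbound reach to the XAMPP listeners named in the advisory
# (Apache on 80/443, MariaDB on 3306) on a Windows 10 MES PC, then verify.
# Assumptions (not from the advisory): XAMPP's Apache runs as httpd.exe and
# MariaDB as mysqld.exe; run from an elevated PowerShell session.
#Requires -RunAsAdministrator

$Ports = @{ 'XAMPP Apache' = @(80, 443); 'XAMPP MariaDB' = @(3306) }
$ExpectedProcs = 'httpd', 'mysqld'   # assumed XAMPP process names
$AllPorts = $Ports.Values | ForEach-Object { $_ }

# 1. Inventory: which processes are listening on the advisory's ports?
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in $AllPorts } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Port = $_.LocalPort; Address = $_.LocalAddress; Process = $p.ProcessName }
    }
$listeners | Sort-Object Port | Format-Table -AutoSize
$unexpected = $listeners | Where-Object { $_.Process -notin $ExpectedProcs }
if ($unexpected) { Write-Warning "Non-XAMPP process on an advisory port:`n$($unexpected | Out-String)" }

# 2. Mitigation: one inbound Block rule per component. Block rules take precedence
#    over Allow rules in Windows Defender Firewall, so these override any Allow
#    entries the XAMPP installer added for httpd/mysqld.
foreach ($name in $Ports.Keys) {
    $ruleName = "ICSA-26-027-02 Block $name"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
            -Protocol TCP -LocalPort $Ports[$name] -Profile Any -RemoteAddress Any `
            -Description 'Workaround until Factory Control Panel replaces XAMPP' | Out-Null
    }
}

# 3. Verify: every rule exists, is enabled, and still blocks the intended ports.
foreach ($name in $Ports.Keys) {
    $rule = Get-NetFirewallRule -DisplayName "ICSA-26-027-02 Block $name"
    $pf   = $rule | Get-NetFirewallPortFilter
    $ok   = ($rule.Enabled -eq 'True') -and ($rule.Action -eq 'Block') -and ($rule.Direction -eq 'Inbound')
    '{0,-32} enabled={1} action={2} ports={3}' -f $rule.DisplayName, $rule.Enabled, $rule.Action, ($pf.LocalPort -join ',')
    if (-not $ok) { Write-Error "Rule '$($rule.DisplayName)' is not in the expected state" }
}
```

Narrow -RemoteAddress to the management subnet if a specific host must keep reaching the MES PC, since an Allow rule cannot punch through a Block rule.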
CVEs (139)