FSA-202402 — Vulnetix

FSA-202402 PUBLISHED CVSS 9.100000381469727 CRITICAL

MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

Vendor	Product	Versions
	Festo Didactic SE MES PC shipped with Windows 10

Timeline

Oct 21, 2023 PoC Published
Feb 27, 2024 CVE Published
Dec 8, 2025 CVE Updated

References

https://festo.com/psirt url
https://certvde.com/en/advisories/vendor/festo/ url
https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2024/fsa-202402.json advisory
https://certvde.com/en/advisories/VDE-2023-065 advisory

Open in Interactive Console →