ICSA-26-027-02
PUBLISHED
CVSS 9.1 CRITICAL
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
Risk Scores
CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Festo Didactic SE | MES PC shipped with Windows 10 | |
Timeline
- Jul 22, 2016 PoC Published
- Oct 21, 2023 PoC Published
- Feb 27, 2024 CVE Published
- Jan 27, 2026 CVE Updated
References
- https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2024/fsa-202402.json advisory
- https://certvde.com/en/advisories/vendor/festo/ url
- https://festo.com/psirt url
- https://certvde.com/en/advisories/VDE-2023-065 advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-027-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url