Description:
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications.
MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The vulnerabilities covered by this advisory have a broad range of impacts ranging from denial-ofservice to disclosure or manipulation/deletion of information.
Given the intended usage of MES PCs for didactic purposes in controlled lab environments, separate from productive systems, it never comes into contact with sensitive information. Therefore the impact is reduced to limited availability of the system.