CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel) — Vulnerability Class 17

17 vulnerabilities classified as CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel). AI Chinese analysis included.

CWE-924 represents a critical integrity weakness where software fails to verify that transmitted messages remain unaltered during network communication. This vulnerability typically arises when developers neglect to implement cryptographic checks, allowing attackers to intercept and modify data in transit. By exploiting this gap, adversaries can perform man-in-the-middle attacks, altering payloads to inject malicious commands or spoof legitimate endpoints without detection. Such tampering compromises the authenticity and reliability of the communication channel, potentially leading to severe data corruption or unauthorized access. To mitigate this risk, developers must enforce robust message integrity mechanisms, such as using digital signatures or hash-based message authentication codes (HMAC). Additionally, employing secure transport protocols like TLS ensures that data remains encrypted and verified, effectively preventing unauthorized modifications and ensuring that the received message matches the original sender’s intent.

MITRE CWE Description

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

Common Consequences (1)

Integrity, Confidentiality: Gain Privileges or Assume Identity

If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-29628 | Gardyn 4 security vulnerability — Home Kit Firmware | 9.4 | Critical | 2025-07-25 |
| CVE-2025-0592 | SICK Lector8xx and InspectorP8xx vulnerable for code execution — SICK Lector8xx | 8.8 | High | 2025-02-14 |
| CVE-2024-12399 | Schneider Electric Pro-face GP-Pro EX and Remote HMI security vulnerability — Pro-face GP-Pro EX | 7.1 | High | 2025-01-17 |
| CVE-2024-8933 | Schneider Electric Modicon M340 security vulnerability — Modicon M340 CPU (part numbers BMXP34*) | 7.5 | High | 2024-11-13 |
| CVE-2024-43450 | Windows DNS Spoofing Vulnerability — Windows Server 2019 | 7.5 | High | 2024-11-12 |
| CVE-2024-52288 | RMAC revert to the beginning of the session in libosdp — libosdp | 5.1 | Medium | 2024-11-11 |
| CVE-2020-11639 | Insufficient access control on Inter process communication, — Advant MOD 300 AdvaBuild | 7.8 | High | 2024-07-23 |
| CVE-2023-6408 | Schneider Electric Modicon M340 security vulnerability — Modicon M340 CPU (part numbers BMXP34*) | 8.1 | High | 2024-02-14 |
| CVE-2023-30565 | CQI Data Sniffing — CQI Reporter | 3.5 | Low | 2023-07-13 |
| CVE-2023-2885 | Channel Accessible by Non-Endpoint in CBOT's Chatbot — Chatbot | 8.1 | High | 2023-05-25 |
| CVE-2023-22372 | BIG-IP Edge Client for Windows and Mac OS vulnerability — BIG-IP Edge Client | 5.9 | Medium | 2023-05-03 |
| CVE-2022-3166 | MicroLogix 1100 & 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack — MicroLogix 1100 | 7.5 | High | 2022-12-16 |
| CVE-2021-3716 | Libguestfs Nbdkit security vulnerability — nbdkit | 5.9 | - | 2022-03-02 |
| CVE-2020-10635 | ICSA-20-098-05 KUKA.Sim Pro Improper Enforcement of Message Integrity During Transmission in a Communication Channel — Sim Pro | 4.3 | Medium | 2022-02-24 |
| CVE-2021-34793 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2021-10-27 |
| CVE-2021-41034 | Eclipse Che security vulnerability — Eclipse Che | 7.4 | - | 2021-09-29 |
| CVE-2021-21390 | MITM modification of request bodies in MinIO — minio | 6.5 | Medium | 2021-03-19 |

17 CVEs are classified as CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.