CWE WEAKNESSES / CWE-345
CWE-345
Insufficient Verification of Data Authenticity
Class
What it is
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Impact
| Integrity, Other | Varies by Context, Unexpected State |
Real-world CVE examples
- CVE-2022-30260 — Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks
- CVE-2022-30267 — Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks
- CVE-2022-30272 — Remote Terminal Unit (RTU) does not use signatures for firmware images and relies on insecure checksums
Related weaknesses
Test & detect
Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.
Source: MITRE CWE. View on cwe.mitre.org →