Common Weakness Enumeration

CWE-1024

Allowed

Comparison of Incompatible Types

Abstraction: Base · Status: Incomplete

The product performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared.

2 vulnerabilities reference this CWE, most recent first.

CVE-2020-13559 (GCVE-0-2020-13559)

Vulnerability from cvelistv5 – Published: 2021-01-11 18:52 – Updated: 2024-08-04 12:25
VLAI
Summary
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
CWE
  • CWE-1024 - Comparison of Incompatible Types
Assigner
References
Impacted products
Vendor Product Version
n/a FreyrSCADA Affected: IEC-60879-5-104 Server Simulator 21.04.028
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:15.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1174"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreyrSCADA",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "IEC-60879-5-104 Server Simulator 21.04.028"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1024",
              "description": "CWE-1024: Comparison of Incompatible Types",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-11T18:52:54.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1174"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-13559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreyrSCADA",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IEC-60879-5-104 Server Simulator 21.04.028"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1024: Comparison of Incompatible Types"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1174",
              "refsource": "CONFIRM",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1174"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-13559",
    "datePublished": "2021-01-11T18:52:54.000Z",
    "dateReserved": "2020-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:25:15.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-5C97-GXR3-R368

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-12-06 21:47
VLAI
Summary
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Details

Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:weibo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-16572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1024",
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-06T21:47:50Z",
    "nvd_published_at": "2019-12-17T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.",
  "id": "GHSA-5c97-gxr3-r368",
  "modified": "2022-12-06T21:47:50Z",
  "published": "2022-05-24T17:03:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16572"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1597"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.