CWE-941
Incorrectly Specified Destination in a Communication Channel
The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
CVE-2019-18242 (GCVE-0-2019-18242)
Vulnerability from cvelistv5
Published
2020-03-24 16:53
Modified
2024-08-05 01:47
CWE
- CWE-941 - INCORRECTLY SPECIFIED DESTINATION IN A COMMUNICATION CHANNEL
Summary
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower |
Version: Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:47:14.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower" } ] } ], "descriptions": [ { "lang": "en", "value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-941", "description": "INCORRECTLY SPECIFIED DESTINATION IN A COMMUNICATION CHANNEL CWE-941", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-24T16:53:32", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-18242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower", "version": { "version_data": [ { "version_value": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "INCORRECTLY SPECIFIED DESTINATION IN A COMMUNICATION CHANNEL CWE-941" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-18242", "datePublished": "2020-03-24T16:53:32", "dateReserved": "2019-10-22T00:00:00", "dateUpdated": "2024-08-05T01:47:14.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4847 (GCVE-0-2022-4847)
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2025-04-09 15:46
CWE
- CWE-941 - Incorrectly Specified Destination in a Communication Channel
Summary
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:55:45.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73" }, { "tags": [ "x_transferred" ], "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4847", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T15:39:05.634180Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T15:46:21.274Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "usememos/memos", "vendor": "usememos", "versions": [ { "lessThan": "0.9.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-941", "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-29T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73" }, { "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948" } ], "source": { "advisory": "ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", "discovery": "EXTERNAL" }, "title": "Incorrectly Specified Destination in a Communication Channel in usememos/memos" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-4847", "datePublished": "2022-12-29T00:00:00.000Z", "dateReserved": "2022-12-29T00:00:00.000Z", "dateUpdated": "2025-04-09T15:46:21.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-33198 (GCVE-0-2023-33198)
Vulnerability from cvelistv5
Published
2023-05-30 04:37
Modified
2025-01-10 20:08
CWE
- CWE-941 - Incorrectly Specified Destination in a Communication Channel
Summary
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in chat messages being sent to any one of the IRC or Discord channels configured for the instance on enabled chat bots, rather than to the intended channel. The condition lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands, custom or otherwise, are unaffected.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
tgstation | tgstation-server |
Version: >= 4.0.0, < 5.12.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.660Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m" }, { "name": "https://github.com/tgstation/tgstation-server/pull/1493", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tgstation/tgstation-server/pull/1493" }, { "name": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-33198", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-10T20:08:22.883068Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-10T20:08:33.075Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "tgstation-server", "vendor": "tgstation", "versions": [ { "status": "affected", "version": "\u003e= 4.0.0, \u003c 5.12.2" } ] } ], "descriptions": [ { "lang": "en", "value": "tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance\u0027s chat channels are updated in TGS or DreamDaemon is restarted. 
TGS chat commands are unaffected, custom or otherwise.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-941", "description": "CWE-941: Incorrectly Specified Destination in a Communication Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T04:37:13.928Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m" }, { "name": "https://github.com/tgstation/tgstation-server/pull/1493", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tgstation/tgstation-server/pull/1493" }, { "name": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2" } ], "source": { "advisory": "GHSA-p2xj-w57r-6f5m", "discovery": "UNKNOWN" }, "title": "Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-33198", "datePublished": "2023-05-30T04:37:13.928Z", "dateReserved": "2023-05-17T22:25:50.700Z", "dateUpdated": "2025-01-10T20:08:33.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0036 (GCVE-0-2025-0036)
Vulnerability from cvelistv5
Published
2025-06-09 23:57
Modified
2025-06-30 14:48
CWE
- CWE-682 - Incorrect Calculation
- CWE-772 - Missing Release of Resource after Effective Lifetime
- CWE-940 - Improper Verification of Source of a Communication Channel
- CWE-941 - Incorrectly Specified Destination in a Communication Channel
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS (Secure Stream Switch) during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations, and could cause incorrect cryptographic data to be returned.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
► | AMD | Versal Adaptive SoC Devices |
Patch: 2025.1 release |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0036", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-10T14:19:45.871057Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-10T15:27:43.315Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Versal Adaptive SoC Devices", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release", "versionType": "custom" } ] }, { "defaultStatus": "affected", "product": "Versal RF Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release" } ] }, { "defaultStatus": "affected", "product": "Versal AI Edge Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release" } ] }, { "defaultStatus": "affected", "product": "Versal Prime Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release" } ] }, { "defaultStatus": "affected", "product": "Versal Premium Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release" } ] }, { "defaultStatus": "affected", "product": "Versal AI Core Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release" } ] }, { "defaultStatus": "affected", "product": "Versal HBM Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release" } ] }, { "defaultStatus": "affected", "product": "Alveo V80 Compute Accelerator", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "2025.1 release" } ] } ], "datePublic": "2025-06-03T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In AMD Versal Adaptive SoC devices, 
the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.\u003cbr\u003e" } ], "value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-682", "description": "CWE-682 Incorrect Calculation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-940", "description": "CWE-940 Improper Verification of Source of a Communication Channel", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-941", "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T14:48:59.255Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": 
"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2025-0036", "datePublished": "2025-06-09T23:57:39.748Z", "dateReserved": "2024-11-21T16:18:02.918Z", "dateUpdated": "2025-06-30T14:48:59.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.