CWE-1357 4 CVEs MITRE definition ↗

CWE-1357: Reliance on Insufficiently Trustworthy Component

Overview

CWE-1357 (Reliance on Insufficiently Trustworthy Component) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability, updateability, and maintainability.

Applicable platforms

Kind Name Class Prevalence OS / CPE
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined
technology ICS/OT Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-32800 2025-06-16 Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacke…
CVE-2024-26024 2024-05-28 SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.
CVE-2024-28042 2024-05-15 SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.
CVE-2024-3313 2024-04-09 SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.

Previous names

  • Reliance on Uncontrolled Component (2023-01-31)

Content submission

Name
CWE Content Team
Organization
MITRE
Date
2022-04-20
Version
4.7

Content modifications

Date Name Version Importance Comment
2022-10-13 CWE Content Team 4.9 updated References
2023-01-31 CWE Content Team 4.10 updated Applicable_Platforms, Description, Maintenance_Notes, Modes_of_Introduction, Name, Potential_Mitigations, Relationships
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Taxonomy_Mappings
2025-04-03 CWE Content Team 4.17 updated Relationships
2025-09-09 CWE Content Team 4.18 updated References
2025-12-11 CWE Content Team 4.19 updated Demonstrative_Examples, Detection_Factors
2026-04-30 CWE Content Team 4.20 updated Relationships

Contributions

Type Name Date Comment
Content "Mapping CWE to 62443" Sub-Working Group 2023-06-29 Suggested mappings to ISA/IEC 62443.
cvelogic Threat Intelligence