CWE-1366 (ICS Communications: Frail Security in Protocols) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Weaknesses in this category are related to the "Frail Security in Protocols" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "Vulnerabilities arise as a result of mis-implementation or incomplete implementation of security in ICS implementations of communication protocols." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-22535 | 2026-01-07 | An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the b… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description, Maintenance_Notes, Relationship_Notes |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Mapping_Notes, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes, Relationships |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Maintenance_Notes |
| Type | Name | Date | Comment |
|---|---|---|---|
| Content | "Boosting CWE Content" Sub-Working Group | 2023-04-26 | Suggested weaknesses to add to this category. |
| Content | "Boosting CWE Content" Sub-Working Group | 2023-06-29 | Suggested weaknesses to add to this category. |