CWE-1338
Improper Protections Against Hardware Overheating
Draft
2020-12-10
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Name: Improper Protections Against Hardware Overheating
A hardware device is missing or has inadequate protection features to prevent overheating.
Allgemeine Informationen
Einführungsmodi
Architecture and DesignImplementation : Such issues could be introduced during hardware architecture, design or implementation.
Anwendbare Plattformen
Sprache
Class: Not Language-Specific (Undetermined)Betriebssysteme
Class: Not OS-Specific (Undetermined)Architekturen
Class: Not Architecture-Specific (Undetermined)Technologien
Class: Not Technology-Specific (Undetermined)Class: ICS/OT (Undetermined)
Name: Power Management Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Häufige Konsequenzen
| Bereich | Auswirkung | Wahrscheinlichkeit |
|---|---|---|
| Availability | DoS: Resource Consumption (Other) | High |
Mögliche Gegenmaßnahmen
Phases : Architecture and DesignTemperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level.
Phases : Implementation
The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature.
Erkennungsmethoden
Dynamic Analysis with Manual Results Interpretation
Dynamic tests should be performed to stress-test temperature controls.Wirksamkeit : High
Architecture or Design Review
Power management controls should be part of Architecture and Design reviews.Wirksamkeit : High
Hinweise zur Schwachstellen-Zuordnung
Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Verwandte Angriffsmuster
| CAPEC-ID | Name des Angriffsmusters |
|---|---|
| CAPEC-624 | Hardware Fault Injection
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. |
| CAPEC-625 | Mobile Device Fault Injection
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised. |
Referenzen
REF-1156
Loapi--This Trojan is hot!Leonid Grustniy.
https://www.kaspersky.com/blog/loapi-trojan/20510/
Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna | Intel Corporation | 4.3 |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
