CWE-1338
Improper Protections Against Hardware Overheating
Draft
2020-12-10
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Nome: Improper Protections Against Hardware Overheating
A hardware device is missing or has inadequate protection features to prevent overheating.
General Informations
Modes Of Introduction
Architecture and DesignImplementation : Such issues could be introduced during hardware architecture, design or implementation.
Piattaforme applicabili
Linguaggio
Class: Not Language-Specific (Undetermined)Sistemi operativi
Class: Not OS-Specific (Undetermined)Architetture
Class: Not Architecture-Specific (Undetermined)Tecnologie
Class: Not Technology-Specific (Undetermined)Class: ICS/OT (Undetermined)
Name: Power Management Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Conseguenze comuni
| Ambito | Impatto | Probabilità |
|---|---|---|
| Availability | DoS: Resource Consumption (Other) | High |
Potential Mitigations
Phases : Architecture and DesignTemperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level.
Phases : Implementation
The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature.
Detection Methods
Dynamic Analysis with Manual Results Interpretation
Dynamic tests should be performed to stress-test temperature controls.Effectiveness : High
Architecture or Design Review
Power management controls should be part of Architecture and Design reviews.Effectiveness : High
Note sulla mappatura delle vulnerabilità
Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Pattern di attacco correlati
| CAPEC-ID | Nome del pattern di attacco |
|---|---|
| CAPEC-624 | Hardware Fault Injection
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. |
| CAPEC-625 | Mobile Device Fault Injection
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised. |
Riferimenti
REF-1156
Loapi--This Trojan is hot!Leonid Grustniy.
https://www.kaspersky.com/blog/loapi-trojan/20510/
Invio
| Nome | Organizzazione | Data | Data di rilascio | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna | Intel Corporation | 4.3 |
Modifiche
| Nome | Organizzazione | Data | Commento |
|---|---|---|---|
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
