CWE-1338
Improper Protections Against Hardware Overheating
Draft
2020-12-10
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Naam: Improper Protections Against Hardware Overheating
A hardware device is missing or has inadequate protection features to prevent overheating.
Algemene informatie
Introductiemodi
Architecture and DesignImplementation : Such issues could be introduced during hardware architecture, design or implementation.
Toepasselijke platforms
Taal
Class: Not Language-Specific (Undetermined)Besturingssystemen
Class: Not OS-Specific (Undetermined)Architecturen
Class: Not Architecture-Specific (Undetermined)Technologieën
Class: Not Technology-Specific (Undetermined)Class: ICS/OT (Undetermined)
Name: Power Management Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Veelvoorkomende gevolgen
| Bereik | Impact | Waarschijnlijkheid |
|---|---|---|
| Availability | DoS: Resource Consumption (Other) | High |
Mogelijke risicobeperkingen
Phases : Architecture and DesignTemperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level.
Phases : Implementation
The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature.
Detectiemethoden
Dynamic Analysis with Manual Results Interpretation
Dynamic tests should be performed to stress-test temperature controls.Effectiviteit : High
Architecture or Design Review
Power management controls should be part of Architecture and Design reviews.Effectiviteit : High
Notities kwetsbaarheidsmapping
Rechtvaardiging : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Opmerking : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Gerelateerde aanvalspatronen
| CAPEC-ID | Naam aanvalspatroon |
|---|---|
| CAPEC-624 | Hardware Fault Injection
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. |
| CAPEC-625 | Mobile Device Fault Injection
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised. |
Referenties
REF-1156
Loapi--This Trojan is hot!Leonid Grustniy.
https://www.kaspersky.com/blog/loapi-trojan/20510/
Indiening
| Naam | Organisatie | Datum | Releasedatum | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna | Intel Corporation | 4.3 |
Wijzigingen
| Naam | Organisatie | Datum | Opmerking |
|---|---|---|---|
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
