CWE-1338
Improper Protections Against Hardware Overheating
Draft
2020-12-10
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Improper Protections Against Hardware Overheating
A hardware device is missing or has inadequate protection features to prevent overheating.
Informacje ogólne
Sposoby wprowadzenia
Architecture and DesignImplementation : Such issues could be introduced during hardware architecture, design or implementation.
Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Systemy operacyjne
Class: Not OS-Specific (Undetermined)Architektury
Class: Not Architecture-Specific (Undetermined)Technologie
Class: Not Technology-Specific (Undetermined)Class: ICS/OT (Undetermined)
Name: Power Management Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Availability | DoS: Resource Consumption (Other) | High |
Potencjalne środki zaradcze
Phases : Architecture and DesignTemperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level.
Phases : Implementation
The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature.
Metody wykrywania
Dynamic Analysis with Manual Results Interpretation
Dynamic tests should be performed to stress-test temperature controls.Skuteczność : High
Architecture or Design Review
Power management controls should be part of Architecture and Design reviews.Skuteczność : High
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Powiązane wzorce ataków
| CAPEC-ID | Nazwa wzorca ataku |
|---|---|
| CAPEC-624 | Hardware Fault Injection
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. |
| CAPEC-625 | Mobile Device Fault Injection
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised. |
Odniesienia
REF-1156
Loapi--This Trojan is hot!Leonid Grustniy.
https://www.kaspersky.com/blog/loapi-trojan/20510/
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna | Intel Corporation | 4.3 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
