CWE-1384
Improper Handling of Physical or Environmental Conditions
Incomplete
2022-04-28
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Improper Handling of Physical or Environmental Conditions
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
Informacje ogólne
Sposoby wprowadzenia
Architecture and Design : The product's design might not consider checking and handling extreme conditions.Manufacturing : For hardware manufacturing, sub-par components might be chosen that are not able to handle the expected environmental conditions.
Odpowiednie platformy
Technologie
Class: System on Chip (Undetermined)Class: ICS/OT (Undetermined)
Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Confidentiality Integrity Availability | Varies by Context, Unexpected State Note: Consequences of this weakness are highly dependent on the role of affected components within the larger product. |
Zaobserwowane przykłady
| Odniesienia | Opis |
|---|---|
CVE-2019-17391 | Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses. |
Potencjalne środki zaradcze
Phases : RequirementsIn requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
Phases : Architecture and Design // Implementation
Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
Phases : Architecture and Design // Implementation
Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is a Class and might have Base-level children that would be more appropriateKomentarz : Examine children of this entry to see if there is a better fit
Odniesienia
REF-1248
Categories of Security Vulnerabilities in ICSSecuring Energy Infrastructure Executive Task Force (SEI ETF).
https://secureenergy.inl.gov/content/uploads/27/2024/12/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf
REF-1255
Semi-invasive attacks - A new approach to hardware security analysisSergei P. Skorobogatov.
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf
REF-1285
Physical Security Attacks Against Silicon DevicesTexas Instruments.
https://www.ti.com/lit/an/swra739/swra739.pdf?ts=1644234570420
REF-1286
On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical AttacksLennert Wouters, Benedikt Gierlichs, Bart Preneel.
https://eprint.iacr.org/2022/328.pdf
REF-1101
The Hard-coded Key to my Heart - Hacking a Pacemaker ProgrammerAnders B. Wilhelmsen, Eivind S. Kristiansen, Marie Moe.
https://anderbw.github.io/2019-08-10-DC27-Biohacking-pacemaker-programmer.pdf
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 4.7 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CWE Content Team | MITRE | updated Description, Name, Potential_Mitigations, Relationships, Type | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References, Weakness_Ordinalities |
