1. Home
  2. Weaknesses
  3. CWE-1319

CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)

ID CWE-1319
Abstraction Base
Structure Simple
Status Incomplete
Number of CVEs 3
Detail CAPEC Dashboard Vulnerabilities Web & Social
The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.

Electromagnetic fault injection may allow an attacker to locally and dynamically modify the signals (both internal and external) of an integrated circuit. EM-FI attacks consist of producing a local, transient magnetic field near the device, inducing current in the device wires. A typical EMFI setup is made up of a pulse injection circuit that generates a high current transient in an EMI coil, producing an abrupt magnetic pulse which couples to the target producing faults in the device, which can lead to:

  • Bypassing security mechanisms such as secure JTAG or Secure Boot
  • Leaking device information
  • Modifying program flow
  • Perturbing secure hardware modules (e.g. random number generators)

Modes of Introduction

Phase Note
Architecture and Design
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Operating_system Not OS-Specific
Architecture Not Architecture-Specific
Technology System on Chip
Technology Microcontroller Hardware
Technology Memory Hardware
Technology Power Management Hardware
Technology Processor Hardware
Technology Test/Debug Hardware
Technology Sensor Hardware

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-693 Protection Mechanism Failure Pillar Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-624 Hardware Fault Injection CWE-1319
CAPEC-625 Mobile Device Fault Injection CWE-1319

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date