CWE-1384: Improper Handling of Physical or Environmental Conditions
ID
CWE-1384
Abstraction
Class
Structure
Simple
Status
Incomplete
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
Hardware products are typically only guaranteed to behave correctly within certain physical limits or environmental conditions. Such products cannot necessarily control the physical or external conditions to which they are subjected. However, the inability to handle such conditions can undermine a product's security. For example, an unexpected physical or environmental condition may cause the flipping of a bit that is used for an authentication decision. This unexpected condition could occur naturally or be induced artificially by an adversary.
Physical or environmental conditions of concern are:
-
Atmospheric characteristics: extreme temperature ranges, etc.
-
Interference: electromagnetic interference (EMI), radio frequency interference (RFI), etc.
-
Assorted light sources: white light, ultra-violet light (UV), lasers, infrared (IR), etc.
-
Power variances: under-voltages, over-voltages, under-current, over-current, etc.
-
Clock variances: glitching, overclocking, clock stretching, etc.
-
Component aging and degradation
-
Materials manipulation: focused ion beams (FIB), etc.
-
Exposure to radiation: x-rays, cosmic radiation, etc.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | The product's design might not consider checking and handling extreme conditions. |
| Manufacturing | For hardware manufacturing, sub-par components might be chosen that are not able to handle the expected environmental conditions. |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Technology | System on Chip | ||
| Technology | ICS/OT |
Loading...