Category: Physical Access Issues and Concerns
Draft
Summary
Weaknesses in this category are related to concerns of physical access.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device. |
| CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | The security-sensitive hardware module contains semiconductor defects. |
| CWE-1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token. |
| CWE-1261 | Improper Handling of Single Event Upsets | The hardware logic does not effectively handle when single-event upsets (SEUs) occur. |
| CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy. |
| CWE-1300 | Improper Protection of Physical Side Channels | The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions. |
| CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed. |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur. |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures. |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.