CWE-1384

Improper Handling of Physical or Environmental Conditions

AI Translation Available

The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.

Status

incomplete

Abstraction

class

Affected Platforms

System on Chip ICS/OT

Extended Description

AI Translation

Hardware products are typically only guaranteed to behave correctly within certain physical limits or environmental conditions. Such products cannot necessarily control the physical or external conditions to which they are subjected. However, the inability to handle such conditions can undermine a product's security. For example, an unexpected physical or environmental condition may cause the flipping of a bit that is used for an authentication decision. This unexpected condition could occur naturally or be induced artificially by an adversary.

Physical or environmental conditions of concern are:

- **Atmospheric characteristics: ** extreme temperature ranges, etc.

- **Interference: ** electromagnetic interference (EMI), radio frequency interference (RFI), etc.

- **Assorted light sources: ** white light, ultra-violet light (UV), lasers, infrared (IR), etc.

- **Power variances: ** under-voltages, over-voltages, under-current, over-current, etc.

- **Clock variances: ** glitching, overclocking, clock stretching, etc.

- **Component aging and degradation**

- **Materials manipulation: ** focused ion beams (FIB), etc.

- **Exposure to radiation: ** x-rays, cosmic radiation, etc.

Technical Details

AI Translation

Common Consequences

confidentiality integrity availability

Impacts

varies by context unexpected state

Potential Mitigations

Phases:

requirements architecture and design implementation

Descriptions:

• Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.

• In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.

• Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.

AI Generated Translation

Common Consequences

riservatezza integrità disponibilità

Impacts

varia dal contesto stato inaspettato

Potential Mitigations

Phases:

requisiti architettura e design implementazione

Descriptions:

• Dove possibile, includere componenti indipendenti in grado di rilevare condizioni ambientali e di spegnere il prodotto.

• Nei requisiti, sii specifico riguardo alle aspettative su come il prodotto si comporterà quando supera i limiti fisici e ambientali, ad esempio spegnendosi.

• Dove possibile, utilizzare schermature o altri materiali che possano aumentare il carico di lavoro dell'avversario e ridurre la probabilità di riuscire a innescare con successo un guasto legato alla sicurezza.

CWE-1384

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter