Category: ICS Dependencies (& Architecture): External Physical Systems
Incomplete
Summary
Weaknesses in this category are related to the "External Physical Systems" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "Due to the highly interconnected technologies in use, an external dependency on another physical system could cause an availability interruption for the protected system." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | This vulnerability occurs when a hardware device lacks proper physical safeguards against deliberate electrical manipulation. Without dedicated protection circuits or sensors, attackers can use voltage spikes or irregular clock signals to bypass security features, potentially exposing sensitive data or taking control of the system. |
| CWE-1338 | Improper Protections Against Hardware Overheating | This vulnerability occurs when a hardware device lacks sufficient safeguards to prevent dangerous temperature increases during operation. |
| CWE-1357 | Reliance on Insufficiently Trustworthy Component | This weakness occurs when a system integrates a component that cannot be fully trusted to meet security, reliability, and maintenance standards, creating risk for the entire product. |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | This weakness occurs when a hardware device fails to manage unexpected physical or environmental situations, whether they happen naturally or are deliberately caused by an attacker. These conditions can force the hardware into an insecure state. |
| CWE-1358 | Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS | CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure Executive Task Force (SEI ETF) in March 2022. Weaknesses and categories in this view are focused on issues that affect ICS (Industrial Control Systems) but have not been traditionally covered by CWE in the past due to its earlier emphasis on enterprise IT software. Note: weaknesses in this view are based on "Nearest IT Neighbor" recommendations and other suggestions by the CWE team. These relationships are likely to change in future CWE versions. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.