Category: Physical Access Issues and Concerns
Draft
Summary
Weaknesses in this category are related to concerns of physical access.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | This vulnerability occurs when a hardware device lacks proper physical safeguards against deliberate electrical manipulation. Without dedicated protection circuits or sensors, attackers can use voltage spikes or irregular clock signals to bypass security features, potentially exposing sensitive data or taking control of the system. |
| CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | A security-critical hardware component contains physical flaws in its semiconductor material, which can cause it to malfunction and undermine its security features. |
| CWE-1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations. |
| CWE-1261 | Improper Handling of Single Event Upsets | This vulnerability occurs when hardware logic fails to properly manage single-event upsets (SEUs), which are temporary bit flips caused by environmental factors. |
| CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | This vulnerability occurs when hardware lacks safeguards against physical inspection, allowing attackers to extract sensitive data by capturing and analyzing high-resolution images of the integrated circuit's internal structure. |
| CWE-1300 | Improper Protection of Physical Side Channels | This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit measurable patterns in power usage, electromagnetic radiation, or even sound emissions to uncover sensitive information like encryption keys. |
| CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | This vulnerability occurs when a hardware device lacks sufficient shielding against electromagnetic interference, allowing attackers to disrupt its internal operations. By inducing targeted electromagnetic pulses, an attacker can force the device to malfunction, potentially bypassing security checks or leaking sensitive data. |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | This vulnerability occurs when a hardware device lacks or incorrectly implements the necessary circuitry or sensors to detect and respond to the skipping of critical security instructions during CPU execution. |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | This weakness occurs when a hardware device or its firmware lacks proper safeguards to maintain security functions when operated in extremely cold temperatures. Designers may fail to anticipate how critical components, like memory or security primitives, behave outside their standard operating range, creating exploitable gaps. |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | This weakness occurs when a hardware device fails to manage unexpected physical or environmental situations, whether they happen naturally or are deliberately caused by an attacker. These conditions can force the hardware into an insecure state. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.