Dynamic tests should be performed to stress-test temperature controls.
CWE-1338 Base Brouillon
Improper Protections Against Hardware Overheating
This vulnerability occurs when a hardware device lacks sufficient safeguards to prevent dangerous temperature increases during operation.
Définition
What is CWE-1338?
This vulnerability occurs when a hardware device lacks sufficient safeguards to prevent dangerous temperature increases during operation.
All electronic devices generate heat as a byproduct of their operation. Faster processors and higher power draw create more thermal energy. Without built-in protections like temperature sensors, adequate cooling, or power throttling, this heat can build up uncontrollably. Malicious software can exploit this by forcing the hardware into high-performance states, deliberately triggering overheating to cause a temporary malfunction or permanent physical damage—a technique known as a thermal denial-of-service attack.
The consequences extend beyond security, impacting device safety and long-term reliability. While similar issues exist for overvoltage or overcurrent conditions, overheating is uniquely tied to normal hardware activity. It's important to note that while these protections guard against operational heat, they do not address separate failure modes like battery malfunctions, which require their own mitigation strategies.
Impact réel
Real-world CVEs caused by CWE-1338
Aucune référence CVE publique n'est liée à ce CWE dans le catalogue MITRE pour le moment.
Comment les attaquants l'exploitent
Parcours de l'attaquant étape par étape
- 1
Malicious software running on a core can execute instructions that consume maximum power or increase core frequency. Such a power-virus program could execute on the platform for an extended time to overheat the device, resulting in permanent damage.
- 2
Execution core and platform do not support thermal sensors, performance throttling, or platform-cooling countermeasures to ensure that any software executing on the system cannot cause overheating past the maximum allowable temperature.
- 3
The platform and SoC should have failsafe thermal limits that are enforced by thermal sensors that trigger critical temperature alerts when high temperature is detected. Upon detection of high temperatures, the platform should trigger cooling or shutdown automatically.
Exemple de code vulnérable
Vulnerable pseudo
MITRE n'a pas publié d'exemple de code pour ce CWE. Le motif ci-dessous est illustratif — voir Ressources pour les références canoniques.
// Example pattern — see MITRE for the canonical references.
function handleRequest(input) {
// Untrusted input flows directly into the sensitive sink.
return executeUnsafe(input);
} Exemple de code sécurisé
Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention
How to prevent CWE-1338
- Architecture and Design Temperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level.
- Implementation The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature.
Signaux de détection
How to detect CWE-1338
Power management controls should be part of Architecture and Design reviews.
Plexicus détecte automatiquement CWE-1338 et ouvre une PR de correction en moins de 60 secondes.
Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.
Questions fréquentes Qu'est-ce que CWE-1338 ?
Quelle est la gravité de CWE-1338 ?
Quels langages ou plateformes sont affectés par CWE-1338 ?
Comment puis-je prévenir CWE-1338 ?
Comment Plexicus détecte et corrige CWE-1338 ?
Où puis-je en savoir plus sur CWE-1338 ?
Frequently asked questions
Qu'est-ce que CWE-1338 ?
This vulnerability occurs when a hardware device lacks sufficient safeguards to prevent dangerous temperature increases during operation.
Quelle est la gravité de CWE-1338 ?
MITRE n'a pas publié de note de probabilité d'exploitation pour cette faiblesse. Traitez-la comme un impact moyen jusqu'à ce que votre modèle de menace prouve le contraire.
Quels langages ou plateformes sont affectés par CWE-1338 ?
MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Not Technology-Specific, ICS/OT, Power Management Hardware, Processor Hardware.
Comment puis-je prévenir CWE-1338 ?
Temperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level. The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature.
Comment Plexicus détecte et corrige CWE-1338 ?
Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-1338 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.
Où puis-je en savoir plus sur CWE-1338 ?
MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/1338.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.
Faiblesses associées
Weaknesses related to CWE-1338
CWE-693 Parent
Protection Mechanism Failure
This weakness occurs when software either lacks a necessary security control, implements one that is too weak, or fails to activate an…
CWE-1039 Frère
Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism
This vulnerability occurs when a system uses automated AI or machine learning to classify complex inputs like images, audio, or text, but…
CWE-1248 Frère
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
A security-critical hardware component contains physical flaws in its semiconductor material, which can cause it to malfunction and…
CWE-1253 Frère
Incorrect Selection of Fuse Values
This vulnerability occurs when a hardware security fuse is incorrectly programmed to represent a 'secure' state as logic 0 (unblown). An…
CWE-1269 Frère
Product Released in Non-Release Configuration
This vulnerability occurs when a product ships to customers while still configured with its pre-production or manufacturing settings,…
CWE-1278 Frère
Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
This vulnerability occurs when hardware lacks safeguards against physical inspection, allowing attackers to extract sensitive data by…
CWE-1291 Frère
Public Key Re-Use for Signing both Debug and Production Code
This vulnerability occurs when the same cryptographic key is used to sign both development/debug software builds and final production…
CWE-1318 Frère
Missing Support for Security Features in On-chip Fabrics or Buses
This vulnerability occurs when the communication channels (fabrics or buses) within a chip lack built-in or enabled security features,…
CWE-1319 Frère
Improper Protection against Electromagnetic Fault Injection (EM-FI)
This vulnerability occurs when a hardware device lacks sufficient shielding against electromagnetic interference, allowing attackers to…
Prêt quand vous l'êtes
Arrêtez de payer par développeur.
Commencez à fermer la boucle.
Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.