ICS Communications: Unreliability

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primiti...

The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.

The hardware logic does not effectively handle when single-event upsets (SEUs) occur.

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive informatio...

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses ...

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter ...

CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure Executive Ta...