ICS Supply Chain: OT Counterfeit and Malicious Corruption

A category in the Common Weakness Enumeration published by The MITRE Corporation.

  • Source

    CWE Catalog - 4.12

  • Identifier

    CWE-1372

  • Status

    Incomplete

Contents

Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the "OT Counterfeit and Malicious Corruption" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "In ICS, when this procurement process results in a vulnerability or component damage, it can have grid impacts or cause physical harm." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.

Weaknesses

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Improper Prevention of Lock Bit Modification

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bi...

Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as sca...

Security-Sensitive Hardware Controls with Missing Lock Bit Protection

The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform ...

Categories

Privilege Separation and Access Control Issues

Weaknesses in this category are related to features and mechanisms providing hardware-based isolation and access control (e.g., identity, policy, locking control) of s...

Concepts

Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS

CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure Executive Ta...

See Also

  1. Categories of Security Vulnerabilities in ICS

    Securing Energy Infrastructure Executive Task Force (SEI ETF)

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.