Improper Handling of Physical or Environmental Conditions

The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.

  • Source

    CWE Catalog - 4.14

  • Identifier

    CWE-1384

  • Status

    Incomplete

Contents

Description

Hardware products are typically only guaranteed to behave correctly within certain physical limits or environmental conditions. Such products cannot necessarily control the physical or external conditions to which they are subjected. However, the inability to handle such conditions can undermine a product's security. For example, an unexpected physical or environmental condition may cause the flipping of a bit that is used for an authentication decision. This unexpected condition could occur naturally or be induced artificially by an adversary.

Physical or environmental conditions of concern are:

Atmospheric characteristics:

extreme temperature ranges, etc.

Interference:

electromagnetic interference (EMI), radio frequency interference (RFI), etc.

Assorted light sources:

white light, ultra-violet light (UV), lasers, infrared (IR), etc.

Power variances:

under-voltages, over-voltages, under-current, over-current, etc.

Clock variances:

glitching, overclocking, clock stretching, etc.

Component aging and degradation

Materials manipulation:

focused ion beams (FIB), etc.

Exposure to radiation:

x-rays, cosmic radiation, etc.

See Also

Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions

Weaknesses in this category are related to improper check or handling of exceptional conditions.

Physical Access Issues and Concerns

Weaknesses in this category are related to concerns of physical access.

ICS Dependencies (& Architecture): External Physical Systems

Weaknesses in this category are related to the "External Physical Systems" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in Ma...

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Design

This view (slice) lists weaknesses that can be introduced during design.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.