
CAPEC-682: Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities

Abstraction: Standard
Status: Draft
Likelihood: Medium
Severity: High

Description

An adversary may exploit vulnerable code (i.e., firmware or ROM) that is unpatchable. Unpatchable devices exist due to manufacturers intentionally or inadvertently designing devices incapable of updating their software. Additionally, with updatable devices, the manufacturer may decide not to support the device and stop making updates to their software.

Related weaknesses · 2

CWE-1277, CWE-1310

Related attack patterns · 1

CAPEC-212 (ChildOf)

Exploits · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Firmware Not Updateable (cwe-1277) | 100% | live |
| Weakness | Missing Ability to Patch ROM Code (cwe-1310) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Malicious Hardware Update
CAPEC: Flash Memory Attacks
CWE: Missing Ability to Patch ROM Code
CAPEC: Altered Component Firmware
CAPEC: Malicious Code Implanted During Chip Programming
CAPEC: Infected Hardware

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.