BaseDraft

CWE-1314Missing Write Protection for Parametric Data Values

Category: other

Description

The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.

Common consequences· 1

  • Availability — Quality Degradation, DoS: Resource Consumption (Other)
    Sensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service.

Potential mitigations· 1

  • [Architecture and Design]Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.

Related CAPEC attack patterns· 1

CAPEC-1

References

  1. https://cwe.mitre.org/data/definitions/1314.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternAccessing Functionality Not Properly Constrained by ACLscapec-1100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Prevention of Lock Bit Modification
CWE
Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE
Improper Access Control for Register Interface
CWE
Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
CWE
Improper Restriction of Software Interfaces to Hardware Features
CWE
Improper Write Handling in Limited-write Non-Volatile Memories
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.