
CWE-1334: Unauthorized Error Injection Can Degrade Hardware Redundancy

Category: injection

Description

An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.

Common consequences

  • Integrity / Availability — DoS: Crash, Exit, or Restart, DoS: Instability, Quality Degradation, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Reduce Performance, Reduce Reliability, Unexpected State

Potential mitigations

  • [Architecture and Design] Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors.
  • [Implementation] Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors.
  • [Integration] Add an access control layer atop any unprotected interfaces for injecting errors.

Related CAPEC attack patterns

CAPEC-624, CAPEC-625

References

  1. https://cwe.mitre.org/data/definitions/1334.html

Exploits (incoming)

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| AttackPattern | Hardware Fault Injection (capec-624) | 100% | live |
| AttackPattern | Mobile Device Fault Injection (capec-625) | 100% | live |

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Protection for Outbound Error Messages and Alert Signals
  • CWE: Improper Finite State Machines (FSMs) in Hardware Logic
  • CWE: Improper Access Control Applied to Mirrored or Aliased Memory Regions
  • CWE: Hardware Logic Contains Race Conditions
  • CWE: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
  • CWE: Policy Privileges are not Assigned Consistently Between Control and Data Agents

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.