Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-624:Hardware Fault Injection
Attack Pattern ID:624
Version:v3.9
Attack Pattern Name:Hardware Fault Injection
Abstraction:Meta
Status:Stable
Likelihood of Attack:Low
Typical Severity:High
DetailsContent HistoryRelated WeaknessesReports
8Weaknesses found
CWE-1247
Improper Protection Against Voltage and Clock Glitches
ShareView Details
Improper Protection Against Voltage and Clock Glitches
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in2CVEs

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

Impacts-
Execute Unauthorized Code or CommandsModify MemoryGain Privileges or Assume IdentityBypass Protection MechanismRead Memory
Tags-
Power Management HardwareClock/Counter HardwareSensor HardwareICS/OT (technology class)System on Chip (technology class)Execute Unauthorized Code or Commands (impact)Bypass Protection Mechanism (impact)Read Memory (impact)Modify Memory (impact)Gain Privileges or Assume Identity (impact)
As Seen In-
Not Available
CWE-1248
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
ShareView Details
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in0CVEs

The security-sensitive hardware module contains semiconductor defects.

Impacts-
DoS: Instability
Tags-
DoS: Instability (impact)
As Seen In-
Not Available
CWE-1256
Improper Restriction of Software Interfaces to Hardware Features
ShareView Details
Improper Restriction of Software Interfaces to Hardware Features
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in4CVEs

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.

Impacts-
Modify MemoryBypass Protection MechanismModify Application Data
Tags-
Memory HardwarePower Management HardwareClock/Counter HardwareBypass Protection Mechanism (impact)Modify Application Data (impact)Modify Memory (impact)
As Seen In-
2021 CWE Most Important Hardware List
CWE-1319
Improper Protection against Electromagnetic Fault Injection (EM-FI)
ShareView Details
Improper Protection against Electromagnetic Fault Injection (EM-FI)
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in5CVEs

The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.

Impacts-
Execute Unauthorized Code or CommandsModify MemoryGain Privileges or Assume IdentityBypass Protection MechanismRead Memory
Tags-
Memory HardwareMicrocontroller HardwarePower Management HardwareProcessor HardwareTest/Debug HardwareSensor HardwareSystem on Chip (technology class)Execute Unauthorized Code or Commands (impact)Bypass Protection Mechanism (impact)Read Memory (impact)Modify Memory (impact)Gain Privileges or Assume Identity (impact)
As Seen In-
Not Available
CWE-1332
Improper Handling of Faults that Lead to Instruction Skips
ShareView Details
Improper Handling of Faults that Lead to Instruction Skips
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in3CVEs

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

Impacts-
Bypass Protection MechanismAlter Execution LogicUnexpected State
Tags-
System on Chip (technology class)Unexpected State (impact)Bypass Protection Mechanism (impact)Alter Execution Logic (impact)
As Seen In-
Not Available
CWE-1334
Unauthorized Error Injection Can Degrade Hardware Redundancy
ShareView Details
Unauthorized Error Injection Can Degrade Hardware Redundancy
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in1CVEs

An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.

Impacts-
DoS: Resource Consumption (Other)DoS: Crash, Exit, or RestartDoS: Resource Consumption (Memory)Reduce ReliabilityReduce PerformanceDoS: Resource Consumption (CPU)DoS: InstabilityUnexpected StateQuality Degradation
Tags-
Reduce Performance (impact)DoS: Resource Consumption (CPU) (impact)Unexpected State (impact)Reduce Reliability (impact)DoS: Crash, Exit, or Restart (impact)Quality Degradation (impact)DoS: Resource Consumption (Memory) (impact)DoS: Instability (impact)DoS: Resource Consumption (Other) (impact)
As Seen In-
Not Available
CWE-1338
Improper Protections Against Hardware Overheating
ShareView Details
Improper Protections Against Hardware Overheating
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in0CVEs

A hardware device is missing or has inadequate protection features to prevent overheating.

Impacts-
DoS: Resource Consumption (Other)
Tags-
Power Management HardwareProcessor HardwareICS/OT (technology class)DoS: Resource Consumption (Other) (impact)
As Seen In-
Not Available
CWE-1351
Improper Handling of Hardware Behavior in Exceptionally Cold Environments
ShareView Details
Improper Handling of Hardware Behavior in Exceptionally Cold Environments
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in0CVEs

A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures.

Impacts-
Unexpected StateVaries by Context
Tags-
Embedded (architecture class)Microcomputer (architecture class)System on Chip (technology class)Unexpected State (impact)Varies by Context (impact)
As Seen In-
Not Available