CWE CATEGORY: ICS Communications: Zone Boundary Failures
Category ID: 1364
Vulnerability Mapping: Prohibited
Status: Incomplete
▼Summary

Weaknesses in this category are related to the "Zone Boundary Failures" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "Within an ICS system, for traffic that crosses through network zone boundaries, vulnerabilities arise when those boundaries were designed for safety or other purposes but are being repurposed for security." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 1358 | Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS |
| HasMember | Allowed | Base | 1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) |
| HasMember | Allowed-with-Review | Class | 1263 | Improper Physical Access Control |
| HasMember | Allowed | Base | 1303 | Non-Transparent Sharing of Microarchitectural Resources |
| HasMember | Allowed | Base | 1393 | Use of Default Password |
| HasMember | Allowed | Base | 212 | Improper Removal of Sensitive Information Before Storage or Transfer |
| HasMember | Allowed | Base | 268 | Privilege Chaining |
| HasMember | Discouraged | Class | 269 | Improper Privilege Management |
| HasMember | Discouraged | Class | 287 | Improper Authentication |
| HasMember | Allowed | Base | 288 | Authentication Bypass Using an Alternate Path or Channel |
| HasMember | Allowed | Base | 306 | Missing Authentication for Critical Function |
| HasMember | Allowed-with-Review | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | Allowed | Compound | 384 | Session Fixation |
| HasMember | Allowed | Base | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Allowed | Base | 494 | Download of Code Without Integrity Check |
| HasMember | Allowed | Base | 501 | Trust Boundary Violation |
| HasMember | Discouraged | Class | 668 | Exposure of Resource to Wrong Sphere |
| HasMember | Allowed-with-Review | Class | 669 | Incorrect Resource Transfer Between Spheres |
| HasMember | Allowed-with-Review | Class | 754 | Improper Check for Unusual or Exceptional Conditions |
| HasMember | Allowed | Base | 829 | Inclusion of Functionality from Untrusted Control Sphere |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

▼Notes
Relationship

Relationships in this category are not authoritative and subject to change. See Maintenance notes.


Maintenance

This category was created in CWE 4.7 to facilitate and illuminate discussion about weaknesses in ICS with [REF-1248] as a starting point. After the release of CWE 4.9 in October 2022, this has been under active review by members of the "Boosting CWE" subgroup of the CWE-CAPEC ICS/OT Special Interest Group (SIG). Relationships are still subject to change. In addition, there may be some issues in [REF-1248] that are outside of the current scope of CWE, which will require consultation with many CWE stakeholders to resolve.


▼References
Reference ID: REF-1248
Title: Categories of Security Vulnerabilities in ICS
Version: v4.15
Author: Securing Energy Infrastructure Executive Task Force (SEI ETF)
URL: https://inl.gov/wp-content/uploads/2022/03/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf
Date: 2022-03-09