Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:ICS/OT (technology class) Weaknesses
ID:BOSS-305
Vulnerability Mapping:Prohibited
Type:Implicit
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
▼Objective

This view categorizes and displays weaknesses by technology class ICS/OT.

▼Memberships
NatureMappingTypeIDName
HasMemberProhibitedC1059Insufficient Technical Documentation
HasMemberProhibitedB1068Inconsistency Between Implementation and Documented Design
HasMemberAllowedB1104Use of Unmaintained Third Party Components
HasMemberProhibitedB1110Incomplete Design Documentation
HasMemberAllowedB1242Inclusion of Undocumented Features or Chicken Bits
HasMemberAllowedB1247Improper Protection Against Voltage and Clock Glitches
HasMemberAllowedB125Out-of-bounds Read
HasMemberAllowedB1329Reliance on Component That is Not Updateable
HasMemberAllowedB1338Improper Protections Against Hardware Overheating
HasMemberAllowed-with-ReviewC1357Reliance on Insufficiently Trustworthy Component
HasMemberAllowed-with-ReviewC1384Improper Handling of Physical or Environmental Conditions
HasMemberAllowed-with-ReviewC1390Weak Authentication
HasMemberAllowed-with-ReviewC1391Use of Weak Credentials
HasMemberAllowedB1392Use of Default Credentials
HasMemberAllowedB1393Use of Default Password
HasMemberAllowedB15External Control of System or Configuration Setting
HasMemberAllowedB256Plaintext Storage of a Password
HasMemberAllowedV259Use of Hard-coded Password
HasMemberAllowedB276Incorrect Default Permissions
HasMemberDiscouragedP284Improper Access Control
HasMemberDiscouragedC287Improper Authentication
HasMemberAllowedB306Missing Authentication for Critical Function
HasMemberAllowedB312Cleartext Storage of Sensitive Information
HasMemberAllowedB319Cleartext Transmission of Sensitive Information
HasMemberAllowedV321Use of Hard-coded Cryptographic Key
HasMemberAllowed-with-ReviewC327Use of a Broken or Risky Cryptographic Algorithm
HasMemberAllowedB328Use of Weak Hash
HasMemberAllowedV329Generation of Predictable IV with CBC Mode
HasMemberDiscouragedC345Insufficient Verification of Data Authenticity
HasMemberAllowed-with-ReviewC362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMemberAllowedB440Expected Behavior Violation
HasMemberAllowedB489Active Debug Code
HasMemberAllowedB502Deserialization of Untrusted Data
HasMemberAllowed-with-ReviewC522Insufficiently Protected Credentials
HasMemberAllowed-with-ReviewC602Client-Side Enforcement of Server-Side Security
HasMemberAllowedB603Use of Client-Side Authentication
HasMemberAllowed-with-ReviewC636Not Failing Securely ('Failing Open')
HasMemberDiscouragedP693Protection Mechanism Failure
HasMemberAllowedB787Out-of-bounds Write
HasMemberAllowedB798Use of Hard-coded Credentials
HasMemberAllowed-with-ReviewC912Hidden Functionality
Nature: HasMember
Mapping: Prohibited
Type: Class
ID: 1059
Name: Insufficient Technical Documentation
Nature: HasMember
Mapping: Prohibited
Type: Base
ID: 1068
Name: Inconsistency Between Implementation and Documented Design
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1104
Name: Use of Unmaintained Third Party Components
Nature: HasMember
Mapping: Prohibited
Type: Base
ID: 1110
Name: Incomplete Design Documentation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1242
Name: Inclusion of Undocumented Features or Chicken Bits
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1247
Name: Improper Protection Against Voltage and Clock Glitches
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 125
Name: Out-of-bounds Read
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1329
Name: Reliance on Component That is Not Updateable
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1338
Name: Improper Protections Against Hardware Overheating
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1357
Name: Reliance on Insufficiently Trustworthy Component
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1384
Name: Improper Handling of Physical or Environmental Conditions
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1390
Name: Weak Authentication
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1391
Name: Use of Weak Credentials
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1392
Name: Use of Default Credentials
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1393
Name: Use of Default Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 15
Name: External Control of System or Configuration Setting
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 256
Name: Plaintext Storage of a Password
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 259
Name: Use of Hard-coded Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 276
Name: Incorrect Default Permissions
Nature: HasMember
Mapping: Discouraged
Type: Pillar
ID: 284
Name: Improper Access Control
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 287
Name: Improper Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 306
Name: Missing Authentication for Critical Function
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 312
Name: Cleartext Storage of Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 319
Name: Cleartext Transmission of Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 321
Name: Use of Hard-coded Cryptographic Key
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 327
Name: Use of a Broken or Risky Cryptographic Algorithm
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 328
Name: Use of Weak Hash
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 329
Name: Generation of Predictable IV with CBC Mode
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 345
Name: Insufficient Verification of Data Authenticity
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 362
Name: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 440
Name: Expected Behavior Violation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 489
Name: Active Debug Code
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 502
Name: Deserialization of Untrusted Data
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 522
Name: Insufficiently Protected Credentials
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 602
Name: Client-Side Enforcement of Server-Side Security
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 603
Name: Use of Client-Side Authentication
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 636
Name: Not Failing Securely ('Failing Open')
Nature: HasMember
Mapping: Discouraged
Type: Pillar
ID: 693
Name: Protection Mechanism Failure
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 787
Name: Out-of-bounds Write
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 798
Name: Use of Hard-coded Credentials
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 912
Name: Hidden Functionality
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

▼Notes
▼Audience
StakeholderDescription
▼References
Expand AllCollapse All
BOSS-305 - ICS/OT (technology class) Weaknesses
Details not found