CWE-1384: Improper Handling of Physical or Environmental Conditions
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
常见后果
影响范围: Confidentiality Integrity Availability
技术影响: Varies by Context Unexpected State
说明: Consequences of this weakness are highly dependent on the role of affected components within the larger product.
潜在缓解措施
阶段: Requirements
描述: In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
阶段: Architecture and Design Implementation
描述: Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
阶段: Architecture and Design Implementation
描述: Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
观察示例
参考: CVE-2019-17391
Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | The product's design might not consider checking and handling extreme conditions. |
| Manufacturing | For hardware manufacturing, sub-par components might be chosen that are not able to handle the expected environmental conditions. |