CWE-1384 – Improper Handling of Extreme Physical Environment Conditions

Read Time:46 Second

Description

The product does not properly detect and handle extreme conditions in the product’s physical environment, such as temperature, radiation, humidity, power, or other physical phenomena.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-703

 

Consequences

Confidentiality, Integrity, Availability: Varies by Context, Unexpected State

Consequences of this weakness are highly dependent on the role of affected components within the larger product.

 

Potential Mitigations

Phase: Requirements

Description: 

In requirements, be specific about expectations for how the product will perform when it exceeds high environmental conditions, e.g., by shutting down.

Phase: Architecture and Design, Implementation

Description: 

Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.

Phase: Architecture and Design, Implementation

Description: 

Where possible, use shielding or other materials that can increase the adversary’s workload and reduce the likelihood of being able to successfully trigger a security-related failure.

CVE References