ICS Supply Chain: Common Mode Frailties
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the "Common Mode Frailties" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "At the component level, most ICS systems are assembled from common parts made by other companies. One or more of these common parts might contain a vulnerability that could result in a wide-spread incident." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary ...
The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from...
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability, update...
CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure Executive Ta...
- The Great DNS Vulnerability of 2008 by Dan Kaminsky
Thu T. Pham
- Categories of Security Vulnerabilities in ICS
Securing Energy Infrastructure Executive Task Force (SEI ETF)