Common Weakness Enumeration

A Community-Developed List of Software Weakness Types


CWRAF Vignette Details - Domain chemical

The MITRE Corporation
Copyright © 2013

CWRAF version: 0.8.3

Date: April 3, 2013

Project Coordinator:

Bob Martin (MITRE)

Document Editor:

Steve Christey (MITRE)
CWRAF Vignettes - chemical

Within the Common Weakness Risk Analysis Framework (CWRAF), a vignette provides a shareable, formalized way to define a particular environment, the role that software plays within that environment, and an organization's priorities with respect to software security. It identifies essential resources and capabilities, as well as their importance relative to security principles such as confidentiality, integrity, and availability. For example, in an e-commerce context, 99.999% uptime may be a strong business requirement that drives the interpretation of the severity of discovered weaknesses.

Vignettes allow CWSS to support diverse audiences who may have different requirements for how to prioritize weaknesses. CWSS scoring can occur within the context of a vignette.

This page currently contains details for 1 vignette within the "chemical" domain. It is illustrative only; the CWRAF community will help to refine it and develop others. Feedback is welcome.

Vignette Summary
Chemical Flow Control: A SCADA-based flow control system for a chemical plant. Underlying technology - heavy C usage. Systems developed in pre-Internet era with management consoles interfacing to them.
Vignette Details

Vignette Definition: Chemical Flow Control

Name: Chemical Flow Control
Desc: A SCADA-based flow control system for a chemical plant. Underlying technology - heavy C usage. Systems developed in pre-Internet era with management consoles interfacing to them.
Archetypes: Process Control Systems
Business Value Context (BVC): Compromise could result in ecological disaster, explosions, poison. Availability requirements are high in order to continually monitor and maintain a stable state. Integrity can be very high because of the ability to control or modify physical systems. Confidentiality is probably much less important.
References: No references recorded.

Technical Impact Scorecard

Modify data - System
Modify data - Application
Modify data - Network
Modify data - Enterprise
Read data - System
Read data - Application
Read data - Network
Read data - Enterprise
DoS: unreliable execution - System
DoS: unreliable execution - Application
DoS: unreliable execution - Network
DoS: unreliable execution - Enterprise
DoS: resource consumption - System
DoS: resource consumption - Application
DoS: resource consumption - Network
DoS: resource consumption - Enterprise
Execute unauthorized code or commands - System
Execute unauthorized code or commands - Application
Execute unauthorized code or commands - Network
Execute unauthorized code or commands - Enterprise
Gain privileges / assume identity - System
Gain privileges / assume identity - Application
Gain privileges / assume identity - Network
Gain privileges / assume identity - Enterprise
Bypass protection mechanism - System
Bypass protection mechanism - Application
Bypass protection mechanism - Network
Bypass protection mechanism - Enterprise
Hide activities - System
Hide activities - Application
Hide activities - Network
Hide activities - Enterprise

Page Last Updated: January 18, 2017