CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.13)  
ID

CWE CATEGORY: ICS Communications: Unreliability

Category ID: 1365
+ Summary
Weaknesses in this category are related to the "Unreliability" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "Vulnerabilities arise in reaction to disruptions in the physical layer (e.g. creating electrical noise) used to carry the traffic." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
+ Membership
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1359ICS Communications
HasMemberVariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.121Stack-based Buffer Overflow
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.269Improper Privilege Management
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.306Missing Authentication for Critical Function
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.349Acceptance of Extraneous Untrusted Data With Trusted Data
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.807Reliance on Untrusted Inputs in a Security Decision
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.1247Improper Protection Against Voltage and Clock Glitches
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.1261Improper Handling of Single Event Upsets
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.1332Improper Handling of Faults that Lead to Instruction Skips
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.1351Improper Handling of Hardware Behavior in Exceptionally Cold Environments
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.1384Improper Handling of Physical or Environmental Conditions
+ Vulnerability Mapping Notes

Usage: Prohibited

(this CWE ID must not be used to map to real-world vulnerabilities)

Reason: Category

Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.
+ Notes

Relationship

Relationships in this category are not authoritative and subject to change. See Maintenance notes.

Maintenance

This category was created in CWE 4.7 to facilitate and illuminate discussion about weaknesses in ICS with [REF-1248] as a starting point. After the release of CWE 4.9 in October 2022, this has been under active review by members of the "Boosting CWE" subgroup of the CWE-CAPEC ICS/OT Special Interest Group (SIG). Relationships are still subject to change. In addition, there may be some issues in [REF-1248] that are outside of the current scope of CWE, which will require consultation with many CWE stakeholders to resolve.
+ References
[REF-1258] Wikipedia. "Random early detection". <https://en.wikipedia.org/wiki/Random_early_detection>.
[REF-1248] Securing Energy Infrastructure Executive Task Force (SEI ETF). "Categories of Security Vulnerabilities in ICS". ICS Communications. 2022-03-09. <https://inl.gov/wp-content/uploads/2022/03/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf>.
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2022-03-09
(CWE 4.7, 2022-04-28)
New Categories of Security Vulnerabilities (NCSV) Technical Project Team (TPT)Securing Energy Infrastructure Executive Task Force
+ Contributions
Contribution DateContributorOrganization
2023-04-26
(CWE 4.11, 2023-04-26)
"Boosting CWE Content" Sub-Working GroupCWE-CAPEC ICS/OT SIG
Suggested weaknesses to add to this category.
2023-06-29
(CWE 4.12, 2023-06-29)
"Boosting CWE Content" Sub-Working GroupCWE-CAPEC ICS/OT SIG
Suggested weaknesses to add to this category.
+ Modifications
Modification DateModifierOrganization
2023-01-31CWE Content TeamMITRE
updated Description, Maintenance_Notes, Relationship_Notes
2023-04-27CWE Content TeamMITRE
updated Mapping_Notes, Relationships
2023-06-29CWE Content TeamMITRE
updated Mapping_Notes, Relationships
Page Last Updated: October 26, 2023