CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

2021 CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.9)  
ID

CWE CATEGORY: ICS Communications: Frail Security in Protocols

Category ID: 1366
+ Summary
Weaknesses in this category are related to the "Frail Security in Protocols" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022. Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
+ Membership
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1359ICS Communications
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.327Use of a Broken or Risky Cryptographic Algorithm
HasMemberBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.358Improperly Implemented Security Check for Standard
+ Notes

Maintenance

This category was created in CWE 4.7 to facilitate and illuminate discussion about weaknesses in ICS. It is under active development. In future versions, new weaknesses will be added based on input from the CWE-CAPEC ICS/OT Special Interest Group (SIG). However, there may be some issues that are outside of the current scope of CWE, which will require consultation with many CWE stakeholders to resolve.
+ References
[REF-1259] Wikipedia. "Transport Layer Security". <https://en.wikipedia.org/wiki/Transport_Layer_Security>.
[REF-1248] Securing Energy Infrastructure Executive Task Force (SEI ETF). "Categories of Security Vulnerabilities in ICS". ICS Communications. 2022-03-09. <https://inl.gov/wp-content/uploads/2022/03/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf>.
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2022-03-09New Categories of Security Vulnerabilities (NCSV) Technical Project Team (TPT)Securing Energy Infrastructure Executive Task Force
More information is available — Please select a different filter.
Page Last Updated: October 13, 2022