CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

New to CWE? click here!
2021 CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.11)  
ID

CWE CATEGORY: ICS Operations (& Maintenance): Post-analysis changes

Category ID: 1380
+ Summary
Weaknesses in this category are related to the "Post-analysis changes" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "Changes made to a previously analyzed and approved ICS environment can introduce new security vulnerabilities (as opposed to safety)." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
+ Membership
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1363ICS Operations (& Maintenance)
+ Notes

Mapping

Use for Mapping: Prohibited (this CWE ID must not be used to map to real-world vulnerabilities).

Rationale: this entry is a Category. Using categories for mapping has been an actively discouraged practice since at least 2019. Categories are informal organizational groupings of weaknesses that help navigation and browsing by CWE users, but they are not weaknesses in themselves.

Comments: See member weaknesses of this category.

Relationship

Relationships in this category are not authoritative and subject to change. See Maintenance notes.

Maintenance

This category might be subject to CWE Scope Exclusion SCOPE.HUMANPROC (Human/organizational process).

Maintenance

This category was created in CWE 4.7 to facilitate and illuminate discussion about weaknesses in ICS with [REF-1248] as a starting point. After the release of CWE 4.9 in October 2022, this has been under active review by members of the "Boosting CWE" subgroup of the CWE-CAPEC ICS/OT Special Interest Group (SIG). Subgroup members did not find any CWEs to add to this category in CWE 4.11. There may be some gaps with respect to CWE's current scope, which will require consultation with many CWE stakeholders to resolve.
+ References
[REF-1248] Securing Energy Infrastructure Executive Task Force (SEI ETF). "Categories of Security Vulnerabilities in ICS". Post-analysis changes. 2022-03-09. <https://inl.gov/wp-content/uploads/2022/03/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf>.
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2022-03-09New Categories of Security Vulnerabilities (NCSV) Technical Project Team (TPT)Securing Energy Infrastructure Executive Task Force
+ Modifications
Modification DateModifierOrganization
2023-01-31CWE Content TeamMITRE
updated Description, Maintenance_Notes, Relationship_Notes
2023-04-27CWE Content TeamMITRE
updated Maintenance_Notes, Mapping_Notes
Page Last Updated: April 27, 2023