CWE - CWE-1380: ICS Operations (& Maintenance): Post-analysis changes (4.13)

Category ID: 1380

Summary

Weaknesses in this category are related to the "Post-analysis changes" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "Changes made to a previously analyzed and approved ICS environment can introduce new security vulnerabilities (as opposed to safety)." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.

Membership

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1363	ICS Operations (& Maintenance)

Vulnerability Mapping Notes

Usage: Prohibited

(this CWE ID must not be used to map to real-world vulnerabilities)

Reason: Category

Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

Notes

Relationship

Relationships in this category are not authoritative and subject to change. See Maintenance notes.

Maintenance

This category might be subject to CWE Scope Exclusion SCOPE.HUMANPROC (Human/organizational process).

Maintenance

This category was created in CWE 4.7 to facilitate and illuminate discussion about weaknesses in ICS with [REF-1248] as a starting point. After the release of CWE 4.9 in October 2022, this has been under active review by members of the "Boosting CWE" subgroup of the CWE-CAPEC ICS/OT Special Interest Group (SIG). Subgroup members did not find any CWEs to add to this category in CWE 4.11. There may be some gaps with respect to CWE's current scope, which will require consultation with many CWE stakeholders to resolve.

References

[REF-1248] Securing Energy Infrastructure Executive Task Force (SEI ETF). "Categories of Security Vulnerabilities in ICS". Post-analysis changes. 2022-03-09. <https://inl.gov/wp-content/uploads/2022/03/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf>.

Content History

Submissions
Submission Date	Submitter	Organization
2022-03-09 (CWE 4.7, 2022-04-28)	New Categories of Security Vulnerabilities (NCSV) Technical Project Team (TPT)	Securing Energy Infrastructure Executive Task Force
2022-03-09 (CWE 4.7, 2022-04-28)
Modifications
Modification Date	Modifier	Organization
2023-01-31	CWE Content Team	MITRE
2023-01-31	updated Description, Maintenance_Notes, Relationship_Notes
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Maintenance_Notes, Mapping_Notes
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes

Common Weakness Enumeration

CWE CATEGORY: ICS Operations (& Maintenance): Post-analysis changes


	Site Map \| Terms of Use \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2023, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.