LiveActive security incident?Get immediate response
CWE Reference

CWE-1384: Improper Handling of Physical or Environmental… | Glexia

CWE-1384 (Improper Handling of Physical or Environmental Conditions) weakness overview with consequences, detection methods, mitigations, related CVEs and MITRE…

Release 4.20weaknessIncomplete

Glexia's Take · Automated analysis

CWE-1384: Improper Handling of Physical or Environmental Conditions

Improper Handling of Physical or Environmental Conditions represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

  • Confidentiality,Integrity,Availability: Varies by Context,Unexpected State: Consequences of this weakness are highly dependent on the role of affected components within the larger product.

Developer Pattern

CWE-1384 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Automation confidence

high confidence from CWE-1384, 4.20.

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Official CWE Definition

CWE-1384: Improper Handling of Physical or Environmental Conditions

The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.

Type
weakness
Abstraction
Class
Status
Incomplete
Source
MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock glitches, an attacker might launch a fault-injection attack right when the signature check is happening (at the location marked with the comment), causing a bypass of the signature-checking process. After bypassing secure boot, an attacker can gain access to system assets to which the attacker should not have access.
  • In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enabled the researcher to access the crash file, perform reverse engineering, and detect a hard-coded key. [REF-1101]

Remediation

  • Requirements: In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
  • Architecture and Design,Implementation: Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
  • Architecture and Design,Implementation: Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.

Detection

  • Code review
  • SAST
  • DAST
  • Focused regression tests

Mappings

Related CVEs, CWEs, and ATT&CK context