CWE-1384: Improper Handling of Physical or Environmental… | Glexia
CWE-1384 (Improper Handling of Physical or Environmental Conditions) weakness overview with consequences, detection methods, mitigations, related CVEs and MITRE…
Glexia's Take · Automated analysis
CWE-1384: Improper Handling of Physical or Environmental Conditions
Improper Handling of Physical or Environmental Conditions represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Confidentiality,Integrity,Availability: Varies by Context,Unexpected State: Consequences of this weakness are highly dependent on the role of affected components within the larger product.
Developer Pattern
CWE-1384 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Automation confidence
high confidence from CWE-1384, 4.20.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Official CWE Definition
CWE-1384: Improper Handling of Physical or Environmental Conditions
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock glitches, an attacker might launch a fault-injection attack right when the signature check is happening (at the location marked with the comment), causing a bypass of the signature-checking process. After bypassing secure boot, an attacker can gain access to system assets to which the attacker should not have access.
- In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enabled the researcher to access the crash file, perform reverse engineering, and detect a hard-coded key. [REF-1101]
Remediation
- Requirements: In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
- Architecture and Design,Implementation: Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
- Architecture and Design,Implementation: Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
Detection
- Code review
- SAST
- DAST
- Focused regression tests
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
- CWE-1247: Improper Protection Against Voltage and Clock Glitches
- CWE-1261: Improper Handling of Single Event Upsets
- CWE-1332: Improper Handling of Faults that Lead to Instruction Skips
- CWE-1351: Improper Handling of Hardware Behavior in Exceptionally Cold Environments
- CWE-703: Improper Check or Handling of Exceptional Conditions
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.
