Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CWE-1384 — Vulnerability Class 2

2 vulnerabilities classified as CWE-1384. AI Chinese analysis included.

CWE-1384 represents a critical weakness where software fails to adequately manage unexpected physical or environmental conditions, whether naturally occurring or artificially induced. This vulnerability typically arises when hardware products operate outside their guaranteed physical limits, leading to unpredictable behavior or system failure. Attackers often exploit this by manipulating environmental factors such as temperature, humidity, or electromagnetic interference to trigger malfunction, denial of service, or unauthorized access. To mitigate this risk, developers must implement robust error handling and fail-safe mechanisms that gracefully degrade performance or shut down safely under extreme conditions. Additionally, conducting thorough environmental stress testing and adhering to industry-specific hardware standards ensures that systems can withstand or properly respond to adverse physical scenarios, thereby maintaining integrity and availability even when external conditions exceed normal operating parameters.

MITRE CWE Description
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced. Hardware products are typically only guaranteed to behave correctly within certain physical limits or environmental conditions. Such products cannot necessarily control the physical or external conditions to which they are subjected. However, the inability to handle such conditions can undermine a product's security. For example, an unexpected physical or environmental condition may cause the flipping of a bit that is used for an authentication decision. This unexpected condition could occur naturally or be induced artificially by an adversary. Physical or environmental conditions of concern are: Atmospheric characteristics: extreme temperature ranges, etc. Interference: electromagnetic interference (EMI), radio frequency interference (RFI), etc. Assorted light sources: white light, ultra-violet light (UV), lasers, infrared (IR), etc. Power variances: under-voltages, over-voltages, under-current, over-current, etc. Clock variances: glitching, overclocking, clock stretching, etc. Component aging and degradation Materials manipulation: focused ion beams (FIB), etc. Exposure to radiation: x-rays, cosmic radiation, etc.
Common Consequences (1)
Confidentiality, Integrity, AvailabilityVaries by Context, Unexpected State
Consequences of this weakness are highly dependent on the role of affected components within the larger product.
Mitigations (3)
RequirementsIn requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
Architecture and Design, ImplementationWhere possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
Architecture and Design, ImplementationWhere possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
Examples (2)
Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock g…
... if (signature_matches)  // <-Glitch Here { load_runtime_firmware(); } else { do_not_load_runtime_firmware(); } ...
Bad · C
If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful.
Good · Other
In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enab…
CVE IDTitleCVSSSeverityPublished
CVE-2026-49325 Indian Scout Bobber 2025 WCM voltage-based shutdown — Scout Bobber + Tech 4.6 Medium2026-05-29
CVE-2025-52557 Mail-0 Zero Session Hijacking Via Email — Zero 6.1AIMediumAI2025-06-21

Vulnerabilities classified as CWE-1384 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.