Dark Mode

Settings

Capec-518 Detail

Documentation Alteration to Produce Under-performing Systems

Detailed Supply Chain Likelihood: Low Typical Severity: High

Parents: 447

Threats: T62 T68

Description

An attacker with access to a manufacturer's documentation alters the descriptions of system capabilities with the intent of causing errors in derived system requirements, impacting the overall effectiveness and capability of the system, allowing an attacker to take advantage of the introduced system capability flaw once the system is deployed.

Not present

External ID Source Link Description
CAPEC-518 capec https://capec.mitre.org/data/definitions/518.html
REF-439 reference_from_CAPEC http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation
REF-715 reference_from_CAPEC https://nira.com/how-to-secure-your-documents/ Marie Prokopets, How To Secure Your Documents, Nira

Not present

  1. Advanced knowledge of software and hardware capabilities of a manufacturer's product.
  2. Access to the manufacturer's documentation.

Not present

High
Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation.

Not present

  1. A security subsystem involving encryption is a part of a product, but due to the demands of this subsystem during operation, the subsystem only runs when a specific amount of memory and processing is available. An attacker alters the descriptions of the system capabilities so that when deployed with the minimal requirements at the victim location, the encryption subsystem is never operational, leaving the system in a weakened security state.

We use cookies to ensure you get the best experience on our website.