Dark Mode
Capec-519 Detail
Documentation Alteration to Cause Errors in System Design
Detailed Supply Chain Likelihood: Low Typical Severity: High
Parents: 447
Threats: T62 T68
An attacker with access to a manufacturer's documentation containing requirements allocation and software design processes maliciously alters the documentation in order to cause errors in system design. This allows the attacker to take advantage of a weakness in a deployed system of the manufacturer for malicious purposes.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-519 | capec | https://capec.mitre.org/data/definitions/519.html | |
| REF-439 | reference_from_CAPEC | http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf | John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation |
| REF-715 | reference_from_CAPEC | https://nira.com/how-to-secure-your-documents/ | Marie Prokopets, How To Secure Your Documents, Nira |
Not present
- Advanced knowledge of software capabilities of a manufacturer's product.
- Access to the manufacturer's documentation.
Not present
| High |
|---|
| Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation. |
Not present
- During operation, a firewall will restart various subsystems to reload and implement new rules as added by the user. An attacker alters the software design dependencies in the manufacturer's documentation so that under certain predictable conditions the reload will fail to load in rules resulting in a "fail open" state. Once deployed at a victim site, this will allow the attacker to bypass the victim's firewall.