|
|
|
|
CWE CATEGORY: ICS Supply Chain: Common Mode Frailties
|
Category ID: 1370
Vulnerability Mapping:
PROHIBITED
This CWE ID must not be used to map to real-world vulnerabilities
|
 Summary
Weaknesses in this category are related to the "Common Mode Frailties" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "At the component level, most ICS systems are assembled from common parts made by other companies. One or more of these common parts might contain a vulnerability that could result in a wide-spread incident." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
Membership
| Nature |
Type |
ID |
Name |
| MemberOf |
 Category - a CWE entry that contains a set of other entries that share a common characteristic. |
1361 |
ICS Supply Chain
|
| HasMember |
 Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
329 |
Generation of Predictable IV with CBC Mode
|
| HasMember |
 Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
664 |
Improper Control of a Resource Through its Lifetime
|
| HasMember |
Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
693 |
Protection Mechanism Failure
|
| HasMember |
Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
707 |
Improper Neutralization
|
| HasMember |
Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. |
710 |
Improper Adherence to Coding Standards
|
| HasMember |
 Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
1357 |
Reliance on Insufficiently Trustworthy Component
|
Vulnerability Mapping Notes
|
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
|
|
Reason:
Category
|
|
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
|
|
Comments: See member weaknesses of this category.
|
Notes
Relationship
Relationships in this category are not authoritative and subject to change. See Maintenance notes.
References
Content
History
| Submissions |
| Submission Date |
Submitter |
Organization |
2022-03-09
(CWE 4.7, 2022-04-28)
|
New Categories of Security Vulnerabilities (NCSV) Technical Project Team (TPT) |
Securing Energy Infrastructure Executive Task Force |
|
|
| Contributions |
| Contribution Date |
Contributor |
Organization |
|
2023-04-26
|
"Boosting CWE Content" Sub-Working Group |
CWE-CAPEC ICS/OT SIG |
|
Suggested weaknesses to add to this category.
|
|
2023-01-24
|
"Boosting CWE Content" Sub-Working Group |
CWE-CAPEC ICS/OT SIG |
|
Suggested weaknesses to add to this category.
|
 Modifications |
| Modification Date |
Modifier |
Organization |
2025-12-11
(CWE 4.19, 2025-12-11)
|
CWE Content Team |
MITRE |
|
updated Maintenance_Notes
|
2025-09-09
(CWE 4.18, 2025-09-09)
|
CWE Content Team |
MITRE |
|
updated References
|
2023-06-29
(CWE 4.12, 2023-06-29)
|
CWE Content Team |
MITRE |
|
updated Mapping_Notes
|
2023-04-27
(CWE 4.11, 2023-04-27)
|
CWE Content Team |
MITRE |
|
updated Mapping_Notes, Relationships
|
2023-01-31
(CWE 4.10, 2023-01-31)
|
CWE Content Team |
MITRE |
|
updated Description, Maintenance_Notes, Relationship_Notes, Relationships
|
More information is available — Please edit the custom filter or select a different filter.
|
