Loading EN-304-620-1.md +21 −7 Original line number Diff line number Diff line Loading @@ -752,13 +752,15 @@ Mitigations for Likelihood: * High to Low: KEVD, KEVA, (KEVT or SCAN), KEVM, (SUAP or SUAO), VULH ### C.4.x TH-EPC: Attacker may gain access to an endpoint, exposing traffic, private network, or PII. ### C.4.x TH-UEA: Unauthorized endpoint access | Risk factors | Likelihood | |-----------------------------|------------| | CFG = 2 or AUT = 2 | High | | CFG = 1 or ADM > 1 | Medium | | CFG = 0 & AUT < 2 & ADM < 2 | Low | Attacker may gain unauthorized access to an endpoint in a manner not under control of the product, exposing product assets. | Risk factors | Likelihood | Security profile | |-------------------|------------|------------------| | DAT = 2 & FUN = 2 | High | SP-3 | | all others | Medium | SP-2, SP-4 | | DAT = 0 & FUN = 0 | Low | SP-1 | | Risk factors | Impact | Security profile | |-------------------|--------|------------------| Loading @@ -766,7 +768,19 @@ Mitigations for Likelihood: | all others | Medium | SP-2, SP-4 | | DAT = 0 & FUN = 0 | Low | SP-1 | Requirements: AUTH, EISO, TRAF, DMIN, CRYPT Requirements: AUTH, DMIN Mitigations for Likelihood: * Medium to Low: TODO-HAS: add risk transfer to environment * High to Medium: TODO-HAS: add risk transfer to environment Mitigations for Impact: * Medium to Low: AUTH-3, AUTH-5, NPII-1 * High to Medium: AUTH-3, AUTH-4, AUTH-5, NPII-1, NPII-2, NPII-4 ### C.4.x TH-RDP: Attacker launches denial of service attack on manufacturer remote data processing Loading Loading
EN-304-620-1.md +21 −7 Original line number Diff line number Diff line Loading @@ -752,13 +752,15 @@ Mitigations for Likelihood: * High to Low: KEVD, KEVA, (KEVT or SCAN), KEVM, (SUAP or SUAO), VULH ### C.4.x TH-EPC: Attacker may gain access to an endpoint, exposing traffic, private network, or PII. ### C.4.x TH-UEA: Unauthorized endpoint access | Risk factors | Likelihood | |-----------------------------|------------| | CFG = 2 or AUT = 2 | High | | CFG = 1 or ADM > 1 | Medium | | CFG = 0 & AUT < 2 & ADM < 2 | Low | Attacker may gain unauthorized access to an endpoint in a manner not under control of the product, exposing product assets. | Risk factors | Likelihood | Security profile | |-------------------|------------|------------------| | DAT = 2 & FUN = 2 | High | SP-3 | | all others | Medium | SP-2, SP-4 | | DAT = 0 & FUN = 0 | Low | SP-1 | | Risk factors | Impact | Security profile | |-------------------|--------|------------------| Loading @@ -766,7 +768,19 @@ Mitigations for Likelihood: | all others | Medium | SP-2, SP-4 | | DAT = 0 & FUN = 0 | Low | SP-1 | Requirements: AUTH, EISO, TRAF, DMIN, CRYPT Requirements: AUTH, DMIN Mitigations for Likelihood: * Medium to Low: TODO-HAS: add risk transfer to environment * High to Medium: TODO-HAS: add risk transfer to environment Mitigations for Impact: * Medium to Low: AUTH-3, AUTH-5, NPII-1 * High to Medium: AUTH-3, AUTH-4, AUTH-5, NPII-1, NPII-2, NPII-4 ### C.4.x TH-RDP: Attacker launches denial of service attack on manufacturer remote data processing Loading
