Commit 1bc43030 authored by Valerie Aurora

Use new threat assessment for configuration error

parent e21653f0
+44 −28
@@ -947,7 +947,9 @@ Guidance: This is for the use case of an end user in use cases where network acc
  * Verdict: No undocumented interfaces are found and no interfaces can be accessed without authorization other than those documented as necessary and the instructions to the user are sufficient => PASS, otherwise => FAIL
  * Evidence: List of interfaces, log of attempts to access

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.X **TR-SCUD**: Secure updates

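Review bot: The subsection "5.2.X.x Mapping of mitigations to risk factors and security profiles" promises a mapping to risk factors, but its only content is the pointer "See Section 5.3 ... and Annex C.4 for the rationale", and Section 5.3 as shown in this commit is keyed by security profile only. Suggest spelling out the split, for example that Section 5.3 lists the mitigations per security profile and Annex C.4 maps risk factors to profiles and gives the rationale, and resolving the placeholder numbering "5.2.X.x" so the subsection is clearly attached to a numbered clause rather than floating directly above "5.2.X TR-SCUD".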
@@ -1415,25 +1417,25 @@ This clause lists all the mitigations necessary to meet requirements for each se

SP-WD-1: SCFS, SUDC, (SUVP or SUOE), (NTFY or WDOG), LOGG

SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), PDDI-1, PDDI-4, ADEF, DPAH, SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH
SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH

SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, (NTFY or WDOG), JSTY, LOGG, VULH
SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, DCTX, (NTFY or WDOG), JSTY, LOGG, VULH

SP-WD-4: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH
SP-WD-4: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUOE), CDST, CDTX, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH

### 5.3.2 Wireless network interface risk mitigation sets

SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

SP-WL-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

SP-WL-3: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-3: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

### 5.3.3 Virtual network interface risk mitigation sets

SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, SDRF, VULH

SP-VI-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, (RSET or INST or DELE), SDRF, SDTR, VULH
SP-VI-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-3, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, (RSET or INST or DELE), SDRF, SDTR, VULH

# 6 Conformity Assessment

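Review bot: SP-WD-1 is left without CDST although this commit adds CDST to SP-WD-2, SP-WD-3 and SP-WD-4, and the new TH-CONF impact table in C.4.3.4 places WD-1 at Medium with "Medium to Low: CDST". Either add CDST to SP-WD-1 or record in the annex why WD-1 accepts the Medium impact. Separately, the term "IMSL or (MSAF-\*, MZRO-\*)" has no outer parentheses, unlike "(SUVP or SUOE)" and the other alternatives in these comma-separated lists; since the lines are being touched anyway, wrapping it as "(IMSL or (MSAF-\*, MZRO-\*))" would remove the precedence ambiguity.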
@@ -1788,9 +1790,9 @@ SP-WD-3: KEVD or KEVA or KEVT or SCAN, KEVM, SCFS, SSCA, ADEF, DPAH, PDDI-\*, NT

[etc]

#### C.4.3.2 Unknown exploitable vulnerabilities
#### C.4.3.2 TH-UEVU: Unknown exploitable vulnerabilities

**[TH-UEVU]:** Attacker may use unknown exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.
Attacker may use unknown exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.

| Risk factors                       | Likelihood | Security profiles            |
|------------------------------------|------------|------------------------------|
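Review bot: Moving the threat ID out of the bold "**[TH-UEVU]:**" tag and into the heading, here and in C.4.3.3, leaves the annex with two conventions, because "**[TH-UADT]:**" at the end of this diff still uses the bracketed form with no numbered heading of its own. Suggest converting the remaining threats in the same change, and checking the rest of the document for references written as "[TH-UEVU]" or "[TH-PHYS]" that relied on the bracketed tag.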
@@ -1818,9 +1820,9 @@ Mitigations for Impact:

* High to Low: DJST, NTFY, WDOG, LOGG

#### C.4.3.3 Access to data via acquisition of used product
#### C.4.3.3 TH-PHYS: Access to data via acquisition of used product

**[TH-PHYS]:** Attacker may get unauthorized access to confidential data stored on the product through acquisition of a used product.
Attacker may get unauthorized access to confidential data stored on the product through acquisition of a used product.

| Risk factors       | Likelihood | Security profiles |
|--------------------|------------|-------------------|
@@ -1834,35 +1836,49 @@ Mitigations for Impact:
| SDS = 1      | Medium | WL-\*, VI-1       |
| SDS = 2      | High   | VI-2              |

Requirements that mitigate this threat: SCDL, SDEF
Requirements that mitigate this threat: CDST, SCDL, SDEF

Mitigations for Likelihood:

* Medium to Low: (RSET or INST or DELE)
* Medium to Low: ADEF, DPAH, (RSET or INST or DELE)

* High to Low: (RSET or INST or DELE)
* High to Low: ADEF, DPAH, PDDI-\*, (RSET or INST or DELE)

Mitigations for Impact:

* Medium to Low: CDST, ADEF, DPAH
* Medium to Low: CDST

* High to Low: CDST, ADEF, DPAH, PDDI-\*
* High to Low: CDST

**[TH-CONF]:** Attacker may use configuration errors to get unauthorized access to the product assets.
#### C.4.3.4 TH-CONF: Access to assets via configuration errors

| Risk factors                      | Likelihood |
|-----------------------------------|------------|
| max(PHY, SFT, NET) > 1 & ADM > 0  | High       |
| all others                        | Medium     |
| max(PHY, SFT, NET) < 1 or ADM = 0 | Low        |
Attacker may use configuration errors to get unauthorized access to the product assets.

| Risk factors                     | Impact |
|----------------------------------|--------|
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium |
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    |
| Risk factors                      | Likelihood | Security profiles      |
|-----------------------------------|------------|------------------------|
| max(PHY, SFT, NET) = 0 or ADM = 0 | Low        | WD-1, VI-1             |
| all others                        | Medium     | WL-1                   |
| max(PHY, SFT, NET) = 2 & ADM = 2  | High       | WD-3, WL-2, WL-3, VI-2 |

| Risk factors                     | Impact | Security profiles       |
|----------------------------------|--------|-------------------------|
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    | none                    |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, WL-\*, VI-1 |
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, VI-2        |

Requirements that mitigate this threat: CDST, SDEF, DMIN, LOGG

Mitigations for Likelihood:

* Medium to Low: ADEF, DPAH, PDDI-1

* High to Low: ADEF, DPAH, PDDI-2 if PHY = 2, PDDI-3 if SFT = 2, PDDI-4 if NET = 2

Mitigations for Impact:

* Medium to Low: CDST

Requirements: SDEF, DMIN, LOGG
* High to Low: CDST, DJST, LOGG

**[TH-UADT]:** Attacker may use network access to get unauthorized access to confidential data transmitted by the product.
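Review bot: The Security profiles column of the new TH-CONF likelihood table covers WD-1, VI-1, WL-1, WD-3, WL-2, WL-3 and VI-2 but omits WD-2 and WD-4, even though the impact table directly below rates both as High and Section 5.3.1 in this commit gives them ADEF, DPAH and PDDI entries. Add them to the row that matches their risk factors. Also, "High to Low" under Mitigations for Likelihood lists PDDI-2, PDDI-3 and PDDI-4 conditionally but not PDDI-1, while the High-likelihood profiles SP-WD-3, SP-WL-2 and SP-VI-2 all carry PDDI-1; state whether High to Low is meant to include the Medium to Low set.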