Commit a6bf36d7 authored by Valerie Aurora

Use new threat assessment for unknown exploitable vulnerabilities

parent 170f16fe
+23 −11
@@ -1894,24 +1894,36 @@ SP-WD-3: KEVD or KEVA or KEVT or SCAN, KEVM, SCFS, SSCA, ADEF, DPAH, PDDI-\*, NT

[etc]

#### C.4.3.1 Unknown exploitable vulnerabilities
#### C.4.3.2 Unknown exploitable vulnerabilities

**[TH-UEVU]:** Attacker may use unknown exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.

| Risk factors                   | Likelihood |
|--------------------------------|------------|
| (SFT > 1 or NET > 1) & COM > 1 | High       |
| (SFT = 1 or NET = 1) & COM > 1 | Medium     |
| (SFT < 1 & NET < 1) or COM = 0 | Low        |
| Risk factors                       | Likelihood | Security profiles            |
|------------------------------------|------------|------------------------------|
| max(PHYS, SFT, NET) = 0 or COM = 0 | Low        | WD-1, VI-1                   |
| all others                         | Medium     | WD-2, WD-3, WD-4, WL-1, VI-1 |
| max(PHYS, SFT, NET) = 2 & COM = 2  | High       | WL-2, WL-3, VI-2             |

| Risk factors                     | Impact |
|----------------------------------|--------|
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium |
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    |
| Risk factors                     | Impact | Security profiles       |
|----------------------------------|--------|-------------------------|
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    | none                    |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, WL-\*, VI-1 |
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, VI-2        |

Requirements: SSDD, LMII, DMIN, LMAS, LOGG

Mitigations for Likelihood:

* Medium to Low: SCFS, SSCA, ADEF, DPAH, PDDI-\*

* High to Low: SCFS, SSCA, (FZ95 or BTIN or IMSL), MSAF-\*, MZRO-\*, ADEF, DPAH, PDDI-\*, JSTY

Mitigations for Impact:

* Medium to Low: (NTFY or WDOG), LOGG

* High to Low: DJST, NTFY, WDOG, LOGG

**[TH-PHYS]:** Attacker may get unauthorized access to confidential data stored on the product through acquisition of a used product.

| Risk factors | Likelihood |
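Review bot: In the new TH-UEVU likelihood table, VI-1 appears in both the Low row (`WD-1, VI-1`) and the Medium row (`WD-2, WD-3, WD-4, WL-1, VI-1`), so that profile has two likelihoods for the same threat. Please check which row it belongs in, or say in the text why it spans both. The `all others` row sits between the Low and High rows, so a reader working top-down reaches the catch-all before the High condition; moving it last, or spelling out the Medium condition, would remove the ambiguity. The added mitigation lists cover "Medium to Low" and "High to Low" for both likelihood and impact but give no "High to Medium" step; if partial reduction is not meant to be allowed, a sentence saying so would help. LOGG is listed under Requirements and again in both impact mitigation lists, which makes it unclear whether it counts as a mitigation when it is already required.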