Loading EN-304-626.md +19 −6 Original line number Diff line number Diff line Loading @@ -2128,17 +2128,30 @@ Mitigations for Impact: Attacker may use the ability to run arbitrary software on the product to get unauthorized read access to confidential data. | Risk factors | Likelihood | Security profiles | |-------------------------------|------------|-------------------| |---------------------------------|------------|------------------------------| | CUSR = 0 or max(SNDS, SNDT) = 0 | Low | LR, IoT-\*, RO-1, OT-1, WE-1 | | all others | Medium | SE-1, PC-\* LA-\* | | CUSR = 2 & max(SNDS, SNDT) = 2 | High | PS-1, SE-2, SE-3 | | Risk factors | Impact | Security profiles | |---------------------|--------|----------------------------------------| | max(SEND, SENT) = 0 | Low | LR, IoT-1 | | max(SEND, SENT) = 1 | Medium | IoT-2, IoT-3, WE-1 | | max(SEND, SENT) = 2 | High | OT-1, MOB-1, PC-\*, LA-\*, PS-1, SE-\* | Requirements that mitigate this threat: Requirements that mitigate this threat: MISO, DMIN, VULH Mitigations for Likelihood: * Medium to Low: * Medium to Low: TRMD, VULH * High to Low: * High to Low: PMSC or TRMD, VULH Mitigations for Impact: * Medium to Low: DMIN * High to Low: DMIN ## C.5 Mapping of use cases to risk factors Loading Loading
EN-304-626.md +19 −6 Original line number Diff line number Diff line Loading @@ -2128,17 +2128,30 @@ Mitigations for Impact: Attacker may use the ability to run arbitrary software on the product to get unauthorized read access to confidential data. | Risk factors | Likelihood | Security profiles | |-------------------------------|------------|-------------------| |---------------------------------|------------|------------------------------| | CUSR = 0 or max(SNDS, SNDT) = 0 | Low | LR, IoT-\*, RO-1, OT-1, WE-1 | | all others | Medium | SE-1, PC-\* LA-\* | | CUSR = 2 & max(SNDS, SNDT) = 2 | High | PS-1, SE-2, SE-3 | | Risk factors | Impact | Security profiles | |---------------------|--------|----------------------------------------| | max(SEND, SENT) = 0 | Low | LR, IoT-1 | | max(SEND, SENT) = 1 | Medium | IoT-2, IoT-3, WE-1 | | max(SEND, SENT) = 2 | High | OT-1, MOB-1, PC-\*, LA-\*, PS-1, SE-\* | Requirements that mitigate this threat: Requirements that mitigate this threat: MISO, DMIN, VULH Mitigations for Likelihood: * Medium to Low: * Medium to Low: TRMD, VULH * High to Low: * High to Low: PMSC or TRMD, VULH Mitigations for Impact: * Medium to Low: DMIN * High to Low: DMIN ## C.5 Mapping of use cases to risk factors Loading
