| Name |
Data Injected During Configuration |
|
| Likelyhood of attack |
Typical severity |
| Low |
High |
|
| Summary |
An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibration, causing the victim's system to perform in a suboptimal manner that benefits the adversary. |
| Prerequisites |
The attacker must have previously compromised the victim's systems or have physical access to the victim's systems. Advanced knowledge of software and hardware capabilities of a manufacturer's product. |
| Solutions | Ensure that proper access control is implemented on all systems to prevent unauthorized access to system files and processes. |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-284 |
Improper Access Control |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-176 |
An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack. |
|