CAPEC-440: Hardware Integrity Attack
An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a new one installed during its deployed use at the victim location for the purpose of carrying out an attack.
Last updated
Overview
CAPEC-440 (Hardware Integrity Attack) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Influence over the deployed system at a victim location.
Consequences
What a successful CAPEC-440 attack can achieve.
Execute Unauthorized Commands
Affects: Integrity
Terminology & mappings
Mapped taxonomies
- ATTACK: Supply Chain Compromise: Compromise Hardware Supply Chain (1195.003)
- ATTACK: Hardware Additions (1200)
Frequently asked questions
Common questions about CAPEC-440.
- What is CAPEC-440?
- An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a new one installed during its deployed use at the victim location for the purpose of carrying out an attack.
- How severe is CAPEC-440?
- MITRE rates CAPEC-440 as High severity with low likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-440
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.