CWRAF - Technology Groups

The MITRE Corporation
Copyright © 2013
http://cwe.mitre.org/cwraf/

CWRAF version: 0.8.3

Date: April 3, 2013

Project Coordinator:

Bob Martin (MITRE)

Document Editor:

Steve Christey (MITRE)

Following is a list of the technology groups that are used in CWRAF.

Group: Web Applications

Details: Web-based applications, clients, servers, etc.

Archetypes:

  • Web application
  • Web browser
  • Web browser plugin
  • Web client
  • Web server
  • Web proxy
  • J2EE and supporting frameworks

Group: Real-Time Embedded Systems

Details: Real-time embedded systems.

Archetypes:

  • Programmable Logic Controller (PLC)
  • Embedded Device
  • Proprietary Firmware

Group: Control Systems

Details: Control systems, including Industrial Control Systems (ICS) and process control systems. These include, but are not necessarily limited to, supervisory control and data acquisition (SCADA), programmable logic controller (PLC), distributed control system (DCS), and Remote Terminal Unit (RTU) systems: controllers for physical systems that operate in a chemical plant or other critical infrastructure, e.g. electric, chemical, or hydro.

Potential consequences of a successful attack could include blocked or delayed flow of information; unauthorized changes to commands or alarms to damage or shut down equipment, affect the environment, or endanger human life; inaccurate information sent to system operators to hide unauthorized changes or cause the operators to initiate inappropriate actions; modification of ICS software or configuration settings, or installation of malware; and interference with the operation of safety systems, possibly endangering human life.

According to an INL-NSTB report, confidentiality is less important than integrity, which is less important than availability. Distinctions could be made between sensor data and administrative information.

Archetypes:

  • Distributed Control System (DCS)
  • SCADA
  • Process Control Systems
  • Programmable Logic Controller (PLC)
  • Remote Terminal Unit (RTU)

Group: End-Point Computing Devices

Details: Devices used for mobile computing and the mobile workforce.

Archetypes:

  • Smartphone
  • PDA
  • Laptop

Group: Database & Storage Systems

Details: Technologies for storing and retrieving data.

Archetypes:

  • Database
  • Removable Storage Media

Group: Operating Systems

Details: Operating systems, typically consisting of a kernel, administrative utilities, and general-purpose applications.

Archetypes:

  • General-purpose OS
  • Virtualized OS

Group: Identity Management Systems

Details: Device authentication, privacy management, PKI, digital certificates, etc.

Archetypes:

  • PKI
  • Digital certificate
  • Privacy management

Group: Enterprise Systems & Applications

Details: Applications that are typically deployed across an enterprise, such as desktop applications and servers.

Archetypes:

  • Database
  • Document Processing
  • General-purpose OS
  • Virtualized OS
  • Anti-Virus Program
  • VPN
  • Firewall

Group: Cloud Computing

Details: Virtualized and Cloud environments, where applications compete for shared, dynamic infrastructure resources. Consumers obtain services remotely, instead of integrating them within internal networks.

Archetypes:

  • Infrastructure as a Service (IaaS)
  • Platform-as-a-Service (PaaS)
  • Software-as-a-Service (SaaS)
  • Virtualized OS

Group: Enterprise Security Products

Details: Products that help the enterprise protect, detect, and react to intrusions or potential intrusions.

Archetypes:

  • Anti-Virus Program
  • VPN
  • Firewall

Group: Network Communications

Details: Products for creating and maintaining communications across a network.

Archetypes:

  • Internet Communications
  • Modem Communications
  • Wireless Communications
  • Router
  • VPN
  • Firewall
Page Last Updated: January 18, 2017