CAPEC-440 - Integrity Modification During Deployed Use

An attacker modifies a technology, product, component, or sub-component during its deployed use at the victim location for the purpose of carrying out an attack. After deployment, it is not uncommon for upgrades and replacements to occur involving firmware, software, hardware, replaceable parts etc. These upgrades and replacements are intended to correct defects, provide additional features, replace broken or worn-out parts, and are considered an important part of the lifecycle of a deployed piece of technology. As the upgrade and replacement part of the lifecycle can involve multiple manufacturers and suppliers, subcontractors, and cross international boundaries, there are multiple points of disruption for the attacker.

Severity

Likelihood

Confidentiality

Integrity

Availability