VRT Additions/Modfications for Hardware/IT/OT/ICS

[TheNerdyFeline]

This is just a start on updating VRT for hardware submissions. I think updating current automotive ones to more general hardware would help instead of repeating issues. We could also combine a couple of repetitive ones into a single item. I also started coming up with a list of new ones to add based issues I have seen in testing. Please let me know your thoughts and if wording could be improved.

Update P4 Automotive Security Misconfiguration > CAN > Injection (Disallowed Messages) Change to P4 Hardware Security Misconfiguration > CAN > Injection (Disallowed Messages)

P4 Automotive Security Misconfiguration > CAN > Injection (DoS) Change to P3 Hardware Security Misconfiguration > CAN > Injection (DoS)

P4 Automotive Security Misconfiguration > Infotainment, Radio Head Unit > Denial of Service (DoS / Brick) Change to P4 Hardware Security Misconfiguration > Denial of Service (DoS / Brick)

P2 Automotive Security Misconfiguration > Infotainment, Radio Head Unit > OTA Firmware Manipulation Change To P1 Insecure OS/Firmware > Weakness in Firmware Updates > Over The Air Firmware Manipulation

P3 Automotive Security Misconfiguration > Battery Management System > Firmware Dump Change to P3 Hardware Security Misconfiguration > Open Debug Ports > Firmware Dump

Combine P4 Automotive Security Misconfiguration > Infotainment, Radio Head Unit > Default Credentials and P1 Server Security Misconfiguration > Using Default Credentials Combine to P1 Network Security Misconfiguration > Using Default Credentials

Add P1 OT/ICS Network Security Misconfiguration > Unencrypted Communication Protocols > Unauthenticated Access Allowed on Network

P2 Insecure OS/Firmware > Weakness in Firmware Updates > Physical Access Firmware Manipulation

P2 Network Security Misconfiguration > Insufficient Network Isolation > MAC Address Spoofing

P3 Insecure OS/Firmware > Insecure Boot Configuration > Allowing Loading of Unsigned/Unvalidated Boot Commands

P3 Insecure OS/Firmware > Insecure Boot Configuration > Arbitrary Code Execution

P4 Insecure OS/Firmware > Insecure Boot Configuration > Bootloader Not Password Protected

P4 Network Security Misconfiguration > Using Default TCP Ports

Varies Network Security Misconfiguration > Insufficient Network Isolation

Varies OT/ICS Network Security Misconfiguration > Unencrypted Communication Protocols

Varies OT/ICS Network Security Misconfiguration > Insufficient Access Control Lists (ACLs) on network shares and services

Varies Insecure OS/Firmware > Insecure Boot Configuration