An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arise from the many stages of distribution, as a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.
|
|
| ID | CAPEC-439 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 439 |
| Abstraction | Meta |
| Status | Draft |
| Alternate Terms | |
| Likelihood Of Attack | |
| Typical Severity | |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | |
| Skills Required | |
| Resources Required | |
| Indicators | |
| Consequences | |
| Mitigations | |
| Example Instances | ::A malicious OEM provider, or OEM provider employee or contractor, may install software, or modify existing code, during distribution.::External contractors involved in the packaging or testing of products or components may install software, or modify existing code, during distribution.:: |
| Related Weaknesses | ::1269:: |
| Taxonomy Mappings | TAXONOMY NAME:ATTACK:ENTRY ID:1195:ENTRY NAME:Supply Chain Compromise:: |
| Notes | |