SPC-20 · Mobile Threat Catalogue
Archived: 2026-04-05 19:07:14 UTC
Mobile Threat Catalogue
Component Substitution During Software Upgrade
Contribute
Threat Category: Supply Chain
ID: SPC-20
Threat Description: An adversary with access to a software support activity can substitute malicious software for
a legitimate component during a software upgrade.1
Threat Origin
Supply Chain Attack Framework and Attack Patterns 1
Exploit Examples
CVE Examples
Possible Countermeasures
References
1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;
www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2
Source: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-20.html
https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-20.html
Page 1 of 1