Weaknesses in this category are related to hardware-circuit design and logic (e.g., CMOS transistors, finite state machines, and registers) as well as issues related to hardware description languages such as System Verilog and VHDL.
| ID | Name | Description |
|---|---|---|
| CWE-1209 | Failure to Disable Reserved Bits | This vulnerability occurs when reserved bits in a hardware design are left active in production. Designers sometimes use these bits for debugging or future features, but if not disabled, attackers can manipulate them to compromise the hardware's state. |
| CWE-1221 | Incorrect Register Defaults or Module Parameters | This vulnerability occurs when hardware description language (HDL) code sets insecure default values for hardware registers or configurable module parameters. These hardcoded values leave the hardware in an unsafe state after a reset, creating a permanent security weakness that software cannot patch. |
| CWE-1223 | Race Condition for Write-Once Attributes | This vulnerability occurs when an untrusted software component wins a race condition and writes to a hardware register before the trusted component can, permanently locking in an insecure value because the register is designed to be written only once. |
| CWE-1224 | Improper Restriction of Write-Once Bit Fields | This vulnerability occurs when hardware write-once protection mechanisms, often called 'sticky bits,' are incorrectly implemented, allowing software to reprogram them multiple times. |
| CWE-1231 | Improper Prevention of Lock Bit Modification | This vulnerability occurs when hardware or firmware uses a lock bit to protect critical system registers or memory regions, but fails to properly prevent that lock bit from being changed after it has been enabled. This design flaw allows attackers to bypass hardware-enforced security restrictions. |
| CWE-1232 | Improper Lock Behavior After Power State Transition | This vulnerability occurs when a hardware lock bit, designed to protect critical system configuration registers, is improperly reset or becomes programmable after a device transitions between power states, such as entering or waking from a low-power sleep mode. This allows the protected configuration to be altered after it should be permanently locked. |
| CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | This vulnerability occurs when a hardware device uses a lock bit to protect critical configuration registers, but the lock fails to prevent writes to all registers that can alter the protected system settings. Essentially, the security mechanism is incomplete, allowing software to bypass it and modify sensitive hardware configurations. |
| CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | Hardware debug modes or internal states can bypass critical system lock protections, allowing unauthorized changes to device configuration. |
| CWE-1245 | Improper Finite State Machines (FSMs) in Hardware Logic | This vulnerability occurs when hardware logic contains flawed Finite State Machines (FSMs). Attackers can exploit these design errors to force the system into an undefined or unstable condition, potentially leading to a denial of service (DoS) or allowing privilege escalation. |
| CWE-1250 | Improper Preservation of Consistency Between Independent Representations of Shared State | This vulnerability occurs when multiple independent components of a system (such as distributed services or separate hardware units) each maintain their own copy of shared data, such as user state, cache, or configuration, but the system fails to keep these local copies synchronized and consistent with one another. |
| CWE-1253 | Incorrect Selection of Fuse Values | This vulnerability occurs when a hardware security fuse is incorrectly programmed to represent a 'secure' state as logic 0 (unblown). An attacker can permanently force the system into an insecure mode simply by blowing the fuse, which flips its value to logic 1. |
| CWE-1254 | Incorrect Comparison Logic Granularity | This vulnerability occurs when a system compares sensitive data, like passwords or authentication tokens, piece-by-piece instead of as a complete unit. If the comparison stops at the first mismatch, attackers can measure tiny timing differences to gradually guess the correct value. |
| CWE-1261 | Improper Handling of Single Event Upsets | This vulnerability occurs when hardware logic fails to properly manage single-event upsets (SEUs), which are temporary bit flips caused by environmental factors. |
| CWE-1298 | Hardware Logic Contains Race Conditions | A hardware race condition occurs when security-critical logic circuits receive signals at slightly different times, creating temporary glitches that can bypass system protections. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |