Weaknesses in this category are related to system power, voltage, current, temperature, clocks, system state saving/restoring, and resets at the platform and SoC level.

| ID | Name | Description |
|---|---|---|
| CWE-1232 | Improper Lock Behavior After Power State Transition | This vulnerability occurs when a hardware lock bit, designed to protect critical system configuration registers, is improperly reset or becomes programmable after a device transitions between power states, such as entering or waking from a low-power sleep mode. This allows the protected configuration to be altered after it should be permanently locked. |
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | This vulnerability occurs when a hardware device lacks proper physical safeguards against deliberate electrical manipulation. Without dedicated protection circuits or sensors, attackers can use voltage spikes or irregular clock signals to bypass security features, potentially exposing sensitive data or taking control of the system. |
| CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | A security-critical hardware component contains physical flaws in its semiconductor material, which can cause it to malfunction and undermine its security features. |
| CWE-1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations. |
| CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features | This vulnerability occurs when a system's software interfaces to hardware features—like power, clock, or performance management—are not properly locked down. This allows attackers to misuse these interfaces from software to tamper with hardware memory or registers, or to gather sensitive data by observing physical side effects, without needing physical access to the device. |
| CWE-1271 | Uninitialized Value on Reset for Registers Holding Security Settings | Security-critical hardware registers start with random, unpredictable values when a device powers on or resets, creating an immediate vulnerability window before software can initialize them. |
| CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | This vulnerability occurs when a hardware component saves its configuration state during a power-down operation but fails to protect or verify the integrity of that saved data before restoring it. As a result, an attacker can tamper with the stored settings, leading to a compromised state when the device powers back on. |
| CWE-1314 | Missing Write Protection for Parametric Data Values | This vulnerability occurs when a hardware device fails to protect the scaling parameters used to convert raw sensor readings. Untrusted software can alter these conversion factors, making dangerous conditions appear safe and potentially leading to hardware damage or system failure. |
| CWE-1320 | Improper Protection for Outbound Error Messages and Alert Signals | This vulnerability occurs when hardware alert systems for critical conditions, like overheating or power surges, lack proper security. Untrusted software or agents can disable these warnings or trigger false alarms, preventing the system from taking protective actions. |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | This vulnerability occurs when a hardware device lacks or incorrectly implements the necessary circuitry or sensors to detect and respond to the skipping of critical security instructions during CPU execution. |
| CWE-1338 | Improper Protections Against Hardware Overheating | This vulnerability occurs when a hardware device lacks sufficient safeguards to prevent dangerous temperature increases during operation. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |