CWE-1221 Base Incomplete

Incorrect Register Defaults or Module Parameters

This vulnerability occurs when hardware description language (HDL) code sets insecure default values for hardware registers or configurable module parameters. These hardcoded values leave the…

Definition

What is CWE-1221?

This vulnerability occurs when hardware description language (HDL) code sets insecure default values for hardware registers or configurable module parameters. These hardcoded values leave the hardware in an unsafe state after a reset, creating a permanent security weakness that software cannot patch.
Hardware designs use registers to store programmable settings and controls, which must be initialized to secure default values upon reset. These defaults, along with configurable parameters that define how a hardware module behaves, are hardcoded directly into the HDL. If these values are set insecurely, the hardware boots into a vulnerable state that untrusted software could immediately exploit. Because these defaults and parameters are baked into the silicon during manufacturing, they cannot be fixed with a software or firmware update. This makes such flaws especially critical and expensive to correct later. Given the large number of configurable settings in modern designs, automated tooling is essential to scan for and flag security-sensitive parameters, ensuring they are properly configured from the start.
Auswirkungen in der Praxis

Real-world CVEs caused by CWE-1221

Bisher sind in MITREs Katalog keine öffentlichen CVE-Referenzen mit dieser CWE verknüpft.

Wie Angreifer es ausnutzen

Angreiferpfad Schritt für Schritt

  1. 1

    Consider example design module system verilog code shown below. The register_example module is an example parameterized module that defines two parameters, REGISTER_WIDTH and REGISTER_DEFAULT. Register_example module defines a Secure_mode setting, which when set makes the register content read-only and not modifiable by software writes. register_top module instantiates two registers, Insecure_Device_ID_1 and Insecure_Device_ID_2. Generally, registers containing device identifier values are required to be read only to prevent any possibility of software modifying these values.

  2. 2

    These example instantiations show how, in a hardware design, it would be possible to instantiate the register module with insecure defaults and parameters.

  3. 3

    In the example design, both registers will be software writable since Secure_mode is defined as zero.

  4. 4

    The example code is taken from the fuse memory inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1356]. Fuse memory can be used to store key hashes, password hashes, and configuration information. For example, the password hashes of JTAG and HMAC are stored in the fuse memory in the OpenPiton design.

  5. 5

    During the firmware setup phase, data in the Fuse memory are transferred into the registers of the corresponding SoC peripherals for initialization. However, if the offset to access the password hash is set incorrectly, programs cannot access the correct password hash from the fuse memory, breaking the functionalities of the peripherals and even exposing sensitive information through other peripherals.

Verwundbares Codebeispiel

Vulnerable Verilog

Consider example design module system verilog code shown below. The register_example module is an example parameterized module that defines two parameters, REGISTER_WIDTH and REGISTER_DEFAULT. Register_example module defines a Secure_mode setting, which when set makes the register content read-only and not modifiable by software writes. register_top module instantiates two registers, Insecure_Device_ID_1 and Insecure_Device_ID_2. Generally, registers containing device identifier values are required to be read only to prevent any possibility of software modifying these values.

Verwundbar Verilog 
// Parameterized Register module example 
 // Secure_mode : REGISTER_DEFAULT[0] : When set to 1 register is read only and not writable// 
 module register_example 
 #( 
 parameter REGISTER_WIDTH = 8, // Parameter defines width of register, default 8 bits 
 parameter [REGISTER_WIDTH-1:0] REGISTER_DEFAULT = 2**REGISTER_WIDTH -2 // Default value of register computed from Width. Sets all bits to 1s except bit 0 (Secure _mode) 
 ) 
 ( 
 input [REGISTER_WIDTH-1:0] Data_in, 
 input Clk, 
 input resetn, 
 input write, 
 output reg [REGISTER_WIDTH-1:0] Data_out 
 ); 

 reg Secure_mode; 

 always @(posedge Clk or negedge resetn) 

```
   if (~resetn) 
   begin 
  	 Data_out <= REGISTER_DEFAULT; // Register content set to Default at reset 
  	 Secure_mode <= REGISTER_DEFAULT[0]; // Register Secure_mode set at reset 
   end 
   else if (write & ~Secure_mode) 
   begin 
  	 Data_out <= Data_in; 
   end 
 endmodule 
 module register_top 
 ( 
 input Clk, 
 input resetn, 
 input write, 
 input [31:0] Data_in, 
 output reg [31:0] Secure_reg, 
 output reg [31:0] Insecure_reg 
 ); 
 register_example #( 
   .REGISTER_WIDTH (32), 
   .REGISTER_DEFAULT (1224) // Incorrect Default value used bit 0 is 0. 
 ) Insecure_Device_ID_1 ( 
   .Data_in (Data_in), 
   .Data_out (Secure_reg), 
   .Clk (Clk), 
   .resetn (resetn), 
   .write (write) 
 ); 
 register_example #(
   .REGISTER_WIDTH (32) // Default not defined 2^32-2 value will be used as default. 
 ) Insecure_Device_ID_2 ( 
   .Data_in (Data_in), 
   .Data_out (Insecure_reg), 
   .Clk (Clk), 
   .resetn (resetn), 
   .write (write) 
 ); 
 endmodule
Sicheres Codebeispiel

Secure Verilog

In the example design, both registers will be software writable since Secure_mode is defined as zero.

Sicher Verilog 
register_example #( 

```
   .REGISTER_WIDTH (32), 
   .REGISTER_DEFAULT (1225) // Correct default value set, to enable Secure_mode 
 ) Secure_Device_ID_example ( 
   .Data_in (Data_in), 
   .Data_out (Secure_reg), 
   .Clk (Clk), 
   .resetn (resetn), 
   .write (write) 
 );
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Präventions-Checkliste

How to prevent CWE-1221

  • Architecture and Design During hardware design, all the system parameters and register defaults must be reviewed to identify security sensitive settings.
  • Implementation The default values of these security sensitive settings need to be defined as part of the design review phase.
  • Testing Testing phase should use automated tools to test that values are configured per design specifications.
Erkennungssignale

How to detect CWE-1221

SAST High

Führe statische Analyse (SAST) auf der Codebasis aus und suche im Datenfluss nach dem unsicheren Muster.

DAST Moderate

Führe dynamische Application-Security-Tests gegen den Live-Endpoint aus.

Runtime Moderate

Beobachte Runtime-Logs auf ungewöhnliche Exception-Traces, fehlerhafte Eingaben oder Versuche, Autorisierung zu umgehen.

Code review Moderate

Code Review: Markiere jeden neuen Code, der Eingaben von dieser Oberfläche ohne validierte Framework-Helper verarbeitet.

Plexicus Auto-Fix

Plexicus erkennt CWE-1221 automatisch und öffnet in unter 60 Sekunden einen Fix-PR.

Codex Remedium scannt jeden Commit, identifiziert genau diese Schwachstelle und liefert einen reviewer-ready Pull Request mit dem Patch. Keine Tickets. Keine Hand-offs.

Demo anfordern Plexicus kostenlos testen
Häufig gestellte Fragen

Frequently asked questions

Was ist CWE-1221?

This vulnerability occurs when hardware description language (HDL) code sets insecure default values for hardware registers or configurable module parameters. These hardcoded values leave the hardware in an unsafe state after a reset, creating a permanent security weakness that software cannot patch.

Wie gravierend ist CWE-1221?

MITRE hat für diese Schwachstelle keine Exploit-Wahrscheinlichkeit veröffentlicht. Behandle sie als mittlere Auswirkung, bis dein Threat Model anderes belegt.

Welche Sprachen oder Plattformen sind von CWE-1221 betroffen?

MITRE lists the following affected platforms: Verilog, VHDL, Not Technology-Specific.

Wie kann ich CWE-1221 verhindern?

During hardware design, all the system parameters and register defaults must be reviewed to identify security sensitive settings. The default values of these security sensitive settings need to be defined as part of the design review phase.

Wie erkennt und behebt Plexicus CWE-1221?

Die SAST-Engine von Plexicus erkennt die Datenfluss-Signatur von CWE-1221 bei jedem Commit. Bei einem Treffer öffnet unser Codex-Remedium-Agent einen Fix-PR mit korrigiertem Code, Tests und einer einzeiligen Zusammenfassung für den Reviewer.

Wo erfahre ich mehr über CWE-1221?

MITRE veröffentlicht die kanonische Definition unter https://cwe.mitre.org/data/definitions/1221.html. Für ergänzende Hinweise kannst du auch die OWASP- und NIST-Dokumentation heranziehen.

Verwandte Schwachstellen

Weaknesses related to CWE-1221

CWE-1419 Parent

Incorrect Initialization of Resource

This weakness occurs when a system fails to properly set up a resource during its creation, leaving it in an unstable, incorrect, or…

CWE-1051 Sibling

Initialization with Hard-Coded Network Resource Configuration Data

This vulnerability occurs when software uses fixed, hard-coded values—like IP addresses, domain names, or URLs—to identify network…

CWE-1052 Sibling

Excessive Use of Hard-Coded Literals in Initialization

This weakness occurs when software initializes variables or data structures using hard-coded values (like strings, file paths, or network…

CWE-1188 Sibling

Initialization of a Resource with an Insecure Default

This vulnerability occurs when software uses an insecure default setting or value for a resource, assuming an administrator will change it…

CWE-454 Sibling

External Initialization of Trusted Variables or Data Stores

This vulnerability occurs when an application sets up its critical internal variables or storage systems using data from untrusted,…

Ressourcen

Further reading

Bereit, wenn du es bist

Schluss mit dem Bezahlen pro Entwickler.
Schließ den Kreislauf.

Plexicus ist die KI-native ASPM, die scannt, filtert, fixt, pentestet und erklärt — autonom. Unbegrenzte Entwickler, unbegrenzte Repos, Fair-Use-KI-Aktionen. Echter kostenloser Tarif, €269/mo jährlich, wenn du bereit bist.

Kostenlos starten Demo buchen