BaseDraft

CWE-1253Incorrect Selection of Fuse Values

Category: other

Description

The logic level used to set a system to a secure state relies on a fuse being unblown.

Common consequences· 4

  • Access Control / Authorization — Bypass Protection Mechanism, Gain Privileges or Assume Identity
    If the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.
  • Availability — DoS: Crash, Exit, or Restart
  • Confidentiality — Read Memory
  • Integrity — Modify Memory, Execute Unauthorized Code or Commands

Potential mitigations· 1

  • [Architecture and Design]Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.

Related CAPEC attack patterns· 1

CAPEC-74

References

  1. https://cwe.mitre.org/data/definitions/1253.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternManipulating Statecapec-74100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Finite State Machines (FSMs) in Hardware Logic
CWE
Hardware Logic Contains Race Conditions
CWE
Uninitialized Value on Reset for Registers Holding Security Settings
CWE
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE
Sensitive Non-Volatile Information Not Protected During Debug
CWE
Incorrect Register Defaults or Module Parameters
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.