Base · Stable

CWE-1262: Improper Access Control for Register Interface

Category: other

Description

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

Common consequences· 1

  • Confidentiality / Integrity — Read Memory, Read Application Data, Modify Memory, Modify Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Unexpected State, Alter Execution Logic
    Confidentiality of hardware assets may be violated if the protected information can be read out by software through the register interface. Registers storing security state, settings, and other security-critical data may be corruptible by software without correctly implemented protections.

Potential mitigations· 2

  • [Architecture and Design] Design proper policies for hardware register access from software.
  • [Implementation] Ensure that access control policies for register access are implemented in accordance with the specified design.
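
The two mitigations above, as an added example that is not part of the MITRE entry: a specified per-register access policy, a default-deny access check, and an audit that flags any case where the implemented policy is more permissive than the design. The register map, privilege levels and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Privilege levels of the requesting software agent (constructed for this example). */
enum priv { PRIV_USER = 0, PRIV_KERNEL = 1, PRIV_SECURE = 2 };

/* Per-register policy: lowest privilege allowed to read and to write. */
struct reg_policy {
    uint32_t offset;
    enum priv min_read;
    enum priv min_write;
};

/* Specified design (hypothetical register map). */
static const struct reg_policy spec[] = {
    { 0x00, PRIV_USER,   PRIV_KERNEL }, /* STATUS */
    { 0x04, PRIV_KERNEL, PRIV_SECURE }, /* SEC_CFG: security settings */
    { 0x08, PRIV_SECURE, PRIV_SECURE }, /* KEY0: secret asset */
};

/* Policy as implemented: KEY0 reads were left open to the kernel level. */
static const struct reg_policy impl[] = {
    { 0x00, PRIV_USER,   PRIV_KERNEL },
    { 0x04, PRIV_KERNEL, PRIV_SECURE },
    { 0x08, PRIV_KERNEL, PRIV_SECURE },
};

#define NREGS (sizeof spec / sizeof spec[0])

/* Access decision; offsets with no policy entry are denied by default. */
int reg_access_allowed(const struct reg_policy *tbl, size_t n,
                       uint32_t offset, enum priv who, int is_write)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].offset == offset)
            return who >= (is_write ? tbl[i].min_write : tbl[i].min_read);
    return 0;
}

/* Count (register, privilege, direction) cases the implementation allows but the spec denies. */
int audit_policy(const struct reg_policy *s, const struct reg_policy *im, size_t n)
{
    int violations = 0;
    for (size_t i = 0; i < n; i++)
        for (int p = PRIV_USER; p <= PRIV_SECURE; p++)
            for (int w = 0; w <= 1; w++)
                if (reg_access_allowed(im, n, s[i].offset, (enum priv)p, w) &&
                    !reg_access_allowed(s, n, s[i].offset, (enum priv)p, w))
                    violations++;
    return violations;
}

int main(void) { return audit_policy(spec, impl, NREGS) == 1 ? 0 : 1; }
```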

Related CAPEC attack patterns· 1

CAPEC-680

References

  1. https://cwe.mitre.org/data/definitions/1262.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Exploitation of Improperly Controlled Registers (capec-680) | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Restriction of Software Interfaces to Hardware Features
  • CWE: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
  • CWE: Improper Prevention of Lock Bit Modification
  • CWE: Exposed IOCTL with Insufficient Access Control
  • CWE: On-Chip Debug and Test Interface With Improper Access Control
  • CWE: Internal Asset Exposed to Unsafe Debug Access Level or State

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.