Base · Incomplete

CWE-1271: Uninitialized Value on Reset for Registers Holding Security Settings

Category: other

Description

Security-critical logic is not set to a known value on reset.

Common consequences · 1

  • Access Control / Authentication / Authorization — Varies by Context

Potential mitigations · 2

  • [Implementation] Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions.
  • [Architecture and Design] All registers holding security-critical information should be set to a specific value on reset.

Related CAPEC attack patterns · 1

CAPEC-74

References

  1. https://cwe.mitre.org/data/definitions/1271.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Manipulating State (capec-74) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Incorrect Register Defaults or Module Parameters
  • CWE: Sensitive Information Uncleared Before Debug/Power State Transition
  • CWE: Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
  • CWE: Exposure of Sensitive System Information Due to Uncleared Debug Information
  • CWE: Improper Lock Behavior After Power State Transition
  • CWE: Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.