BaseIncomplete

CWE-1282Assumed-Immutable Data is Stored in Writable Memory

Category: memory

Description

Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.

Common consequences· 1

  • Integrity — Varies by Context

Potential mitigations· 1

  • [Implementation]All immutable code or data should be programmed into ROM or write-once memory.

Related CAPEC attack patterns· 2

CAPEC-458CAPEC-679

References

  1. https://cwe.mitre.org/data/definitions/1282.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternExploitation of Improperly Configured or Implemented Memory Protectionscapec-679100%live
AttackPatternFlash Memory Attackscapec-458100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Mutable Attestation or Measurement Reporting Data
CWE
Improper Restriction of Write-Once Bit Fields
CWE
Remanent Data Readable after Memory Erase
CWE
Authentication Bypass by Assumed-Immutable Data
CWE
Race Condition for Write-Once Attributes
CWE
Missing Immutable Root of Trust in Hardware
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.