Base · Draft

CWE-1292: Incorrect Conversion of Security Identifiers

Category: other

Description

The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.

Common consequences · 1

  • Confidentiality / Integrity / Availability / Access Control — Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality Degradation

Potential mitigations · 2

  • [Architecture and Design] Security identifier decoders must be reviewed for design inconsistency and common weaknesses.
  • [Implementation] Access and programming flows must be tested in pre-silicon and post-silicon testing.

References

  1. https://cwe.mitre.org/data/definitions/1292.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Incorrect Decoding of Security Identifiers
  • CWE: Improper Validation of Integrity Check Value
  • CWE: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
  • CWE: Insecure Security Identifier Mechanism
  • CWE: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
  • CWE: Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.