BaseIncomplete

CWE-1302Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

Category: other

Description

The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.

Common consequences· 1

  • Confidentiality / Integrity / Availability / Access Control — Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Execute Unauthorized Code or Commands

Potential mitigations· 2

  • [Architecture and Design]Transaction details must be reviewed for design inconsistency and common weaknesses.
  • [Implementation]Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing.

Related CAPEC attack patterns· 2

CAPEC-121CAPEC-681

References

  1. https://cwe.mitre.org/data/definitions/1302.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternExploit Non-Production Interfacescapec-121100%live
AttackPatternExploitation of Improperly Controlled Hardware Security Identifierscapec-681100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Insecure Security Identifier Mechanism
CWE
Incorrect Decoding of Security Identifiers
CWE
Incorrect Conversion of Security Identifiers
CWE
Improper Identifier for IP Block used in System-On-Chip (SOC)
CWE
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.