BaseDraft

CWE-1310Missing Ability to Patch ROM Code

Category: other

Description

Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.

Common consequences· 1

  • Other — Varies by Context, Reduce Maintainability
    When the system is unable to be patched, it can be left in a vulnerable state.

Potential mitigations· 2

  • [Architecture and Design, Implementation] Secure patch support to allow ROM code to be patched on the next boot.
  • [Architecture and Design, Implementation] Support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used for limited patching of devices after shipping, or for the next batch of silicon devices manufactured, without changing the full device ROM.

Related CAPEC attack patterns· 1

CAPEC-682

References

  1. https://cwe.mitre.org/data/definitions/1310.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternExploitation of Firmware or ROM Code with Unpatchable Vulnerabilitiescapec-682100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Missing Immutable Root of Trust in Hardware
CWE
Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CWE
Improper Handling of Faults that Lead to Instruction Skips
CAPEC
Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities
CWE
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE
Missing Protection Mechanism for Alternate Hardware Interface
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.