Base · Draft

CWE-1323: Improper Management of Sensitive Trace Data

Category: data-exposure

Description

Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents.

Common consequences · 1

  • Confidentiality — Read Memory
    An adversary can read secret values if they are captured in debug traces and stored unsafely.

Potential mitigations · 1

  • [Implementation] Tag traces to indicate the owner and the debugging privilege level (designer, OEM, or end user) needed to access that trace.

Related CAPEC attack patterns · 3

CAPEC-150, CAPEC-167, CAPEC-545

References

  1. https://cwe.mitre.org/data/definitions/1323.html

Exploits (incoming) · 3

Type           Target                                                   Confidence  Tier
AttackPattern  Collect Data from Common Resource Locations (capec-150)  100%        live
AttackPattern  Pull Data from System Resources (capec-545)              100%        live
AttackPattern  White Box Reverse Engineering (capec-167)                100%        live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
  • CWE: Insecure Security Identifier Mechanism
  • CWE: Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
  • CWE: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
  • CWE: Sensitive Information Uncleared Before Debug/Power State Transition
  • CWE: Sensitive Non-Volatile Information Not Protected During Debug

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.