Category: Debug and Test Problems
Draft
Summary
Weaknesses in this category are related to hardware debug and test interfaces such as JTAG and scan chain.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control | The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface. |
| CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | System configuration protection may be bypassed during debug mode. |
| CWE-1243 | Sensitive Non-Volatile Information Not Protected During Debug | Access to security-sensitive information stored in fuses is not limited during debug. |
| CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. |
| CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. |
| CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition | The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions. |
| CWE-1291 | Public Key Re-Use for Signing both Debug and Production Code | The same public key is used for signing both debug and production code. |
| CWE-1295 | Debug Messages Revealing Unnecessary Information | The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages. |
| CWE-1296 | Incorrect Chaining or Granularity of Debug Components | The product's debug components contain incorrect chaining or granularity of debug components. |
| CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary. |
| CWE-1323 | Improper Management of Sensitive Trace Data | Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents. |
| CWE-319 | Cleartext Transmission of Sensitive Information | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.