CWE-1294 Details

CWE-1294

Insecure Security Identifier Mechanism
Incomplete
2020-08-20
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Benachrichtigungen verwalten

Name: Insecure Security Identifier Mechanism

The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.

Allgemeine Informationen

Einführungsmodi

Architecture and Design : Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases.
Implementation : Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases.

Anwendbare Plattformen

Sprache

Class: Not Language-Specific (Undetermined)

Betriebssysteme

Class: Not OS-Specific (Undetermined)

Architekturen

Class: Not Architecture-Specific (Undetermined)

Technologien

Name: Bus/Interface Hardware (Undetermined)
Class: Not Technology-Specific (Undetermined)

Häufige Konsequenzen

Bereich Auswirkung Wahrscheinlichkeit
Confidentiality
Integrity
Availability
Access Control		Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality DegradationHigh

Mögliche Gegenmaßnahmen

Phases : Architecture and Design
Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses.
Phases : Implementation
Access and programming flows must be tested in pre-silicon and post-silicon testing.

Hinweise zur Schwachstellen-Zuordnung

Begründung : This CWE entry is a Class and might have Base-level children that would be more appropriate
Kommentar : Examine children of this entry to see if there is a better fit

Verwandte Angriffsmuster

CAPEC-ID Name des Angriffsmusters
CAPEC-121 Exploit Non-Production Interfaces
CAPEC-681 Exploitation of Improperly Controlled Hardware Security Identifiers

Hinweise

This entry is still under development and will continue to see updates and content improvements.

Einreichung

Name Organisation Datum Veröffentlichungsdatum Version
CWE Content Team MITRE 2020-07-17 +00:00 2020-08-20 +00:00 4.2

Änderungen

Name Organisation Datum Kommentar
CWE Content Team MITRE 2021-07-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Related_Attack_Patterns
CWE Content Team MITRE 2022-06-28 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities
Die auf CVE Find präsentierten Informationen stammen aus mehreren sorgfältig ausgewählten Referenzquellen. CVE-Daten werden von der MITRE Corporation und der National Vulnerability Database (NVD) bereitgestellt. Der Katalog bekannter ausgenutzter Schwachstellen (KEV) stammt von der Cybersecurity and Infrastructure Security Agency (CISA), während EPSS-Scores von FIRST.org kommen. Darüber hinaus werden Daten zu Software-Schwachstellen (CWE) und häufigen Angriffsmustern (CAPEC) von der MITRE Corporation gepflegt, und Informationen zu Hardware- und Software-Konfigurationen (CPE) werden von der NVD bereitgestellt.