CWE-1302 Details

CWE-1302

Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
Incomplete
2020-08-20
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Benachrichtigungen verwalten

Name: Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.

Allgemeine Informationen

Einführungsmodi

Architecture and Design : Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.
Implementation : Such issues could be introduced during implementation and identified later during Testing or System Configuration phases.

Anwendbare Plattformen

Sprache

Class: Not Language-Specific (Undetermined)

Betriebssysteme

Class: Not OS-Specific (Undetermined)

Architekturen

Class: Not Architecture-Specific (Undetermined)

Technologien

Class: Not Technology-Specific (Undetermined)

Häufige Konsequenzen

Bereich Auswirkung Wahrscheinlichkeit
Confidentiality
Integrity
Availability
Access Control		Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Execute Unauthorized Code or CommandsHigh

Mögliche Gegenmaßnahmen

Phases : Architecture and Design
Transaction details must be reviewed for design inconsistency and common weaknesses.
Phases : Implementation
Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing.

Hinweise zur Schwachstellen-Zuordnung

Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Verwandte Angriffsmuster

CAPEC-ID Name des Angriffsmusters
CAPEC-121 Exploit Non-Production Interfaces
CAPEC-681 Exploitation of Improperly Controlled Hardware Security Identifiers

Einreichung

Name Organisation Datum Veröffentlichungsdatum Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna Intel Corporation 2020-02-14 +00:00 2020-08-20 +00:00 4.2

Änderungen

Name Organisation Datum Kommentar
CWE Content Team MITRE 2021-07-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2021-10-28 +00:00 updated Demonstrative_Examples, Relationships
CWE Content Team MITRE 2022-04-28 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-10-13 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2024-02-29 +00:00 updated Description, Name
CWE Content Team MITRE 2025-12-11 +00:00 updated Demonstrative_Examples, Weakness_Ordinalities
Die auf CVE Find präsentierten Informationen stammen aus mehreren sorgfältig ausgewählten Referenzquellen. CVE-Daten werden von der MITRE Corporation und der National Vulnerability Database (NVD) bereitgestellt. Der Katalog bekannter ausgenutzter Schwachstellen (KEV) stammt von der Cybersecurity and Infrastructure Security Agency (CISA), während EPSS-Scores von FIRST.org kommen. Darüber hinaus werden Daten zu Software-Schwachstellen (CWE) und häufigen Angriffsmustern (CAPEC) von der MITRE Corporation gepflegt, und Informationen zu Hardware- und Software-Konfigurationen (CPE) werden von der NVD bereitgestellt.