Detalle CWE-1313

CWE-1313

Hardware Allows Activation of Test or Debug Logic at Runtime
Draft
2020-12-10
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificaciones para un CWE
Manténgase informado sobre cualquier cambio en un CWE específico.
Gestionar notificaciones

Nombre: Hardware Allows Activation of Test or Debug Logic at Runtime

During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.

Informaciones generales

Modos de introducción

Architecture and Design : Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.
Implementation : Such issues could be introduced during implementation and identified later during Testing or System Configuration phases.
Integration : Such issues could be introduced during integration and identified later during Testing or System configuration phases.

Plataformas aplicables

Lenguaje

Class: Not Language-Specific (Undetermined)

Sistemas operativos

Class: Not OS-Specific (Undetermined)

Arquitecturas

Class: Not Architecture-Specific (Undetermined)

Tecnologías

Class: Not Technology-Specific (Undetermined)

Consecuencias comunes

Alcance Impacto Probabilidad
Confidentiality
Integrity
Availability		Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Alter Execution Logic, Quality Degradation, Unexpected State, Reduce Performance, Reduce Reliability

Ejemplos observados

Referencias Descripción

CVE-2021-33150

Hardware processor allows activation of test or debug logic at runtime.

CVE-2021-0146

Processor allows the activation of test or debug logic at runtime, allowing escalation of privileges

Mitigaciones potenciales

Phases : Architecture and Design
Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
Phases : Implementation
Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
Phases : Integration
Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.

Notas de mapeo de vulnerabilidades

Justificación : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comentario : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Patrones de ataque relacionados

CAPEC-ID Nombre del patrón de ataque
CAPEC-121 Exploit Non-Production Interfaces

Envío

Nombre Organización Fecha Fecha de lanzamiento Version
Brent Sherman Accellera IP Security Assurance (IPSA) Working Group 2020-08-06 +00:00 2020-12-10 +00:00 4.3

Modificaciones

Nombre Organización Fecha Comentario
CWE Content Team MITRE 2022-04-28 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities
La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.