CWE-1247 Detalhe

CWE-1247

Improper Protection Against Voltage and Clock Glitches
Stable
2020-02-24
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Gerenciar notificações

Nome: Improper Protection Against Voltage and Clock Glitches

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

Informações Gerais

Modos de Introdução

Operation

Plataformas Aplicáveis

Linguagem

Class: Not Language-Specific (Undetermined)

Sistemas Operacionais

Class: Not OS-Specific (Undetermined)

Arquiteturas

Class: Not Architecture-Specific (Undetermined)

Tecnologias

Class: ICS/OT (Undetermined)
Class: System on Chip (Undetermined)
Name: Power Management Hardware (Undetermined)
Name: Clock/Counter Hardware (Undetermined)
Name: Sensor Hardware (Undetermined)

Consequências Comuns

Escopo Impacto Probabilidade
Confidentiality
Integrity
Availability
Access Control		Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands

Exemplos Observados

Referências Descrição

CVE-2019-17391

Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.

CVE-2021-33478

IP communication firmware allows access to a boot shell via certain impulses

Mitigações Potenciais

Phases : Architecture and Design // Implementation

Métodos de Detecção

Manual Analysis

Eficácia : Moderate

Dynamic Analysis with Manual Results Interpretation

During the implementation phase where actual hardware is available, specialized hardware tools and apparatus such as ChipWhisperer may be used to check if the platform is indeed susceptible to voltage and clock glitching attacks.

Architecture or Design Review

Review if the protections against glitching merely transfer the attack target. For example, suppose a critical authentication routine that an attacker would want to bypass is given the protection of modifying certain artifacts from within that specific routine (so that if the routine is bypassed, one can examine the artifacts and figure out that an attack must have happened). However, if the attacker has the ability to bypass the critical authentication routine, they might also have the ability to bypass the other protection routine that checks the artifacts. Basically, depending on these kind of protections is akin to resorting to "Security by Obscurity".

Architecture or Design Review

Many SoCs come equipped with a built-in Dynamic Voltage and Frequency Scaling (DVFS) that can control the voltage and clocks via software alone. However, there have been demonstrated attacks (like Plundervolt and CLKSCREW) that target this DVFS [REF-1081] [REF-1082]. During the design and implementation phases, one needs to check if the interface to this power management feature is available from unprivileged SW (CWE-1256), which would make the attack very easy.

Notas de Mapeamento de Vulnerabilidade

Justificativa : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comentário : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Padrões de Ataque Relacionados

CAPEC-ID Nome do Padrão de Ataque
CAPEC-624 Hardware Fault Injection
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.
CAPEC-625 Mobile Device Fault Injection
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.

Referências

REF-1061

Circuit Techniques for Dynamic Variation Tolerance
Keith Bowman, James Tschanz, Chris Wilkerson, Shih-Lien Lu, Tanay Karnik, Vivek De, Shekhar Borkar.
https://dl.acm.org/doi/10.1145/1629911.1629915

REF-1062

Razor: A Low-Power Pipeline Based on Circuit-Level Timing Speculation
Dan Ernst, Nam Sung Kim, Shidhartha Das, Sanjay Pant, Rajeev Rao, Toan Pham, Conrad Ziesler, David Blaauw, Todd Austin, Krisztian Flautner, Trevor Mudge.
https://web.eecs.umich.edu/~taustin/papers/MICRO36-Razor.pdf

REF-1063

Tunable Replica Circuits and Adaptive Voltage-Frequency Techniques for Dynamic Voltage, Temperature, and Aging Variation Tolerance
James Tschanz, Keith Bowman, Steve Walstra, Marty Agostinelli, Tanay Karnik, Vivek De.
https://ieeexplore.ieee.org/document/5205410

REF-1064

FAME: Fault-attack Aware Microprocessor Extensions for Hardware Fault Detection and Software Fault Response
Bilgiday Yuce, Nahid F. Ghalaty, Chinmay Deshpande, Conor Patrick, Leyla Nazhandali, Patrick Schaumont.
https://dl.acm.org/doi/10.1145/2948618.2948626

REF-1065

A 45 nm Resilient Microprocessor Core for Dynamic Variation Tolerance
Keith A. Bowman, James W. Tschanz, Shih-Lien L. Lu, Paolo A. Aseron, Muhammad M. Khellah, Arijit Raychowdhury, Bibiche M. Geuskens, Carlos Tokunaga, Chris B. Wilkerson, Tanay Karnik, Vivek De.
https://ieeexplore.ieee.org/document/5654663

REF-1066

Bypassing Secure Boot Using Fault Injection
Niek Timmers, Albert Spruyt.
https://www.blackhat.com/docs/eu-16/materials/eu-16-Timmers-Bypassing-Secure-Boot-Using-Fault-Injection.pdf

REF-1217

Security Engineering
Ross Anderson.
https://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf

REF-1217

Security Engineering
Ross Anderson.
https://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf

REF-1081

Plundervolt
Kit Murdock, David Oswald, Flavio D Garcia, Jo Van Bulck, Frank Piessens, Daniel Gruss.
https://plundervolt.com/

REF-1082

CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
Adrian Tang, Simha Sethumadhavan, Salvatore Stolfo.
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf

REF-1285

Physical Security Attacks Against Silicon Devices
Texas Instruments.
https://www.ti.com/lit/an/swra739/swra739.pdf?ts=1644234570420

REF-1286

On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical Attacks
Lennert Wouters, Benedikt Gierlichs, Bart Preneel.
https://eprint.iacr.org/2022/328.pdf

Submissão

Nome Organização Data Data de lançamento Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation 2020-02-12 +00:00 2020-02-24 +00:00 4.0

Modificações

Nome Organização Data Comentário
CWE Content Team MITRE 2020-08-20 +00:00 updated Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns
CWE Content Team MITRE 2020-12-10 +00:00 updated Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Functional_Areas
CWE Content Team MITRE 2021-10-28 +00:00 updated Description, Detection_Factors, Name, References, Weakness_Ordinalities
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2022-06-28 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated Demonstrative_Examples, References
CWE Content Team MITRE 2023-01-31 +00:00 updated Applicable_Platforms, Related_Attack_Patterns, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples
CWE Content Team MITRE 2025-09-09 +00:00 updated Relationships
CWE Content Team MITRE 2025-12-11 +00:00 updated Demonstrative_Examples
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.