
CWE-1301 – Insufficient or Incomplete Data Removal within Hardware Component

Description

The product’s data removal process does not completely delete all data and potentially sensitive information within hardware components.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-226 (Sensitive Information in Resource Not Removed Before Reuse)

Consequences

Confidentiality: Read Memory, Read Application Data

Potential Mitigations

Phase: Architecture and Design

Description: 

Apply blinding or masking techniques to implementations of cryptographic algorithms.

Phase: Implementation

Description: 

Alter the method of erasure, add protection of media, or destroy the media to protect the data.

CVE References

CWE-1302 – Missing Security Identifier

Description

The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-1294 (Insecure Security Identifier Mechanism)

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Architecture and Design

Description: 

Transaction details must be reviewed for design inconsistency and common weaknesses.

Phase: Implementation

Description: 

Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing.
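As an added illustration (example code written for this page, not part of the CWE entry or any vendor's design), the following C model shows the failure mode the two mitigations are meant to catch: a target-side checker that decodes the security identifier field without first confirming that an identifier was supplied at all, beside one that fails closed. The transaction structure, the "identifier valid" sideband flag, the address window, the SID values and the test vectors are all assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an on-chip fabric transaction. sid_present models a
 * sideband "identifier valid" signal: when an initiator omits its security
 * identifier, sid holds whatever the bus idles at (0 in this model). */
typedef struct {
    uint32_t addr;
    uint32_t sid;
    bool     sid_present;
    bool     is_write;
} transaction_t;

/* Assumed address map and identifiers for the example. */
#define SECURE_BASE   0x4000u      /* protected register window */
#define SECURE_LIMIT  0x5000u
#define SID_BOOT_ROM  0x0u         /* the weak design maps SID 0 to boot ROM */
#define SID_SECURE_FW 0x2u
#define SID_UNTRUSTED 0x7u

static bool in_secure_window(uint32_t addr) {
    return addr >= SECURE_BASE && addr < SECURE_LIMIT;
}

/* Weak target-side check: consults the SID field without asking whether an
 * identifier was actually supplied. A transaction that carries none decodes as
 * SID 0, which this allow-list treats as the most privileged initiator. */
bool weak_access_check(const transaction_t *t) {
    if (!in_secure_window(t->addr))
        return true;
    return t->sid == SID_BOOT_ROM || t->sid == SID_SECURE_FW;
}

/* Hardened check: a missing identifier is never decoded; the transaction is
 * dropped (fail closed) regardless of target. Privileged initiators are an
 * explicit allow-list with no entry for the bus idle value. */
bool strict_access_check(const transaction_t *t) {
    if (!t->sid_present)
        return false;
    if (!in_secure_window(t->addr))
        return true;
    return t->sid == SID_SECURE_FW;
}

/* Pre-silicon style vector test: feed each checker a set of transactions and
 * count how many reach the secure window without a security identifier. */
size_t count_unidentified_admits(bool (*check)(const transaction_t *),
                                 const transaction_t *vecs, size_t n) {
    size_t admitted = 0;
    for (size_t i = 0; i < n; i++) {
        if (!vecs[i].sid_present && in_secure_window(vecs[i].addr) && check(&vecs[i]))
            admitted++;
    }
    return admitted;
}

/* Constructed test vectors: addr, sid, sid_present, is_write. */
static const transaction_t vectors[] = {
    { 0x4100u, SID_SECURE_FW, true,  true  },  /* legitimate secure write   */
    { 0x4100u, SID_UNTRUSTED, true,  false },  /* untrusted read, must fail */
    { 0x4100u, 0u,            false, true  },  /* no identifier on the wire */
    { 0x1000u, SID_UNTRUSTED, true,  false },  /* unprotected target        */
};
#define NVEC (sizeof vectors / sizeof vectors[0])

int main(void) {
    printf("weak checker admits %zu unidentified transaction(s) to the secure window\n",
           count_unidentified_admits(weak_access_check, vectors, NVEC));
    printf("strict checker admits %zu\n",
           count_unidentified_admits(strict_access_check, vectors, NVEC));
    return 0;
}
```

The vector test at the end is the kind of check the Implementation mitigation calls for: run the transaction set through the checker and require that nothing arriving without an identifier reaches the protected window, in simulation and again on silicon.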

CVE References

CWE-1303 – Non-Transparent Sharing of Microarchitectural Resources

Description

Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-1189 (Improper Isolation of Shared Resources on System-on-a-Chip (SoC))
CWE-203 (Observable Discrepancy)

Consequences

Confidentiality: Read Application Data, Read Memory

Microarchitectural side-channels have been used to leak specific information such as cryptographic keys and Address Space Layout Randomization (ASLR) offsets, as well as arbitrary memory.

Potential Mitigations

Phase: Architecture and Design, Requirements

Description: 

Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers. Note that coarsening or removing a timer does not remove the channel: an attacker can usually rebuild a fine-grained clock from a counting thread or another shared resource, so this raises the cost of an attack rather than closing it.

CVE References

CWE-1269 – Product Released in Non-Release Configuration

Description

The product released to market is released in pre-production or manufacturing configuration.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-693 (Protection Mechanism Failure)

Consequences

Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Other

Potential Mitigations

Phase: Implementation, Integration, Manufacturing

Description: 

Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown). The marker needs to be one-way (a fuse rather than a writable register), and every manufacturing-only path, such as diagnostic modes and debug interfaces, must check it before enabling itself.

CVE References

  • CVE-2019-13945
    • Regarding SSA-686531, a hardware-based manufacturing access on S7-1200 and S7-200 SMART has occurred. A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during the boot process. At the time of advisory publication, no public exploitation of this security vulnerability was known.
  • CVE-2018-4251
    • Laptops with Intel chipsets were found to be running in Manufacturing Mode. After this information was reported to the OEM, the vulnerability (CVE-2018-4251) was patched disallowing access to the interface.

CWE-127 – Buffer Under-read

Description

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-125 (Out-of-bounds Read)
CWE-786 (Access of Memory Location Before Start of Buffer)

Consequences

Confidentiality: Read Memory

Confidentiality, Access Control: Bypass Protection Mechanism

By reading out-of-bounds memory, an attacker might be able to obtain secret values, such as memory addresses, which can be used to bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

Potential Mitigations
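The two mechanisms the description names, a negative index and a pointer decremented past the start of the buffer, each beside its bounded form, as an added example in C (written for this page, not taken from the CWE entry). The memory layout, the secret value and the buffer contents are constructed: one backing array holds a secret directly before the buffer so that the under-read is well-defined and reproducible rather than undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory layout: one backing array models two adjacent
 * allocations, a secret that happens to sit immediately before the buffer
 * the code is supposed to operate on. Keeping both in one array makes the
 * under-read well-defined C, so the leak is reproducible rather than UB. */
#define SECRET_LEN 16
#define BUF_LEN    16
static unsigned char region[SECRET_LEN + BUF_LEN];

/* Lay out the region: a 16-byte secret followed by a buffer of spaces.
 * Returns a pointer to the buffer, as an API would hand it to callers. */
unsigned char *setup_region(void) {
    memcpy(region, "api-key=hunter22", SECRET_LEN);   /* constructed secret */
    memset(region + SECRET_LEN, ' ', BUF_LEN);
    return region + SECRET_LEN;
}

/* Vulnerable (negative index): the index is signed and never range-checked,
 * so idx = -1 resolves to the byte just before the buffer. */
int get_byte_unchecked(const unsigned char *buf, int idx) {
    return buf[idx];
}

/* Hardened: validate against [0, len) before touching memory; -1 signals
 * rejection so the caller can distinguish it from any byte value. */
int get_byte_checked(const unsigned char *buf, size_t len, long idx) {
    if (idx < 0 || (unsigned long)idx >= len)
        return -1;
    return buf[idx];
}

/* Vulnerable (pointer decrement): scan back over trailing blanks with no
 * lower bound. When the whole buffer is blank the pointer walks before buf. */
const unsigned char *last_nonblank_unchecked(const unsigned char *buf, size_t len) {
    const unsigned char *p = buf + len - 1;
    while (*p == ' ')
        p--;
    return p;
}

/* Hardened: the loop condition is the remaining length, so it can never step
 * before buf; NULL reports "no non-blank byte" instead of a bogus pointer. */
const unsigned char *last_nonblank_checked(const unsigned char *buf, size_t len) {
    while (len > 0) {
        if (buf[len - 1] != ' ')
            return buf + len - 1;
        len--;
    }
    return NULL;
}

int main(void) {
    unsigned char *buf = setup_region();
    printf("unchecked buf[-1]        -> '%c' (byte of the neighbouring secret)\n",
           get_byte_unchecked(buf, -1));
    printf("checked   buf[-1]        -> %d (rejected)\n",
           get_byte_checked(buf, BUF_LEN, -1));
    printf("unchecked trailing scan  -> '%c' at buf%+td\n",
           *last_nonblank_unchecked(buf, BUF_LEN),
           last_nonblank_unchecked(buf, BUF_LEN) - buf);
    printf("checked   trailing scan  -> %s\n",
           last_nonblank_checked(buf, BUF_LEN) ? "found" : "NULL (all blank)");
    return 0;
}
```

Running it shows the unchecked variants returning a byte of the neighbouring secret, which is the information-disclosure consequence described above; the checked variants bound the access by the buffer length and report rejection out of band instead of returning a bogus byte or pointer.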

CVE References

CWE-1270 – Generation of Incorrect Security Tokens

Description

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284 (Improper Access Control)
CWE-1294 (Insecure Security Identifier Mechanism)

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Files or Directories, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Memory, Modify Memory, DoS: Crash, Exit, or Restart

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

CVE References

CWE-1271 – Uninitialized Value on Reset for Registers Holding Security Settings

Description

Security-critical logic is not set to a known value on reset.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-665 (Improper Initialization)

Consequences

Access Control, Authentication, Authorization: Varies by Context

Potential Mitigations

Phase: Implementation

Description: 

Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions.

Phase: Architecture and Design

Description: 

All registers holding security-critical information should be set to a specific value on reset.

CVE References

CWE-1272 – Sensitive Information Uncleared Before Debug/Power State Transition

Description

The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-226 (Sensitive Information in Resource Not Removed Before Reuse)
CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

Consequences

Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Read Memory, Read Application Data

Sensitive information may be used to unlock additional capabilities of the device and take advantage of hidden functionalities which could be used to compromise device security.

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

During state transitions, information not needed in the next state should be removed before the transition to the next state.
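An added example (written for this page, not part of the CWE entry) of the transition rule above, in C. It models a device that enters a debug state exposing its RAM through a debug port: the weak handler changes state first and leaves the session key resident, while the hardened handler wipes everything the debug state may not see before the port opens. The device structure, the states and the key bytes are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed device model: the secure-run state holds a session key and a
 * working buffer with key-dependent data; the debug state exposes all RAM
 * through an external port. */
typedef enum { ST_SECURE_RUN, ST_DEBUG } dev_state_t;

typedef struct {
    dev_state_t state;
    bool        debug_port_open;
    uint8_t     session_key[16];
    uint8_t     scratch[32];
} device_t;

/* Wipe through a volatile pointer so the stores survive dead-store
 * elimination; a plain memset on memory that is never read again is the
 * classic way an erasure step silently disappears from the binary. */
void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--)
        *v++ = 0;
}

/* Put the device in the secure-run state with constructed key material. */
void provision(device_t *d) {
    memset(d, 0, sizeof *d);
    d->state = ST_SECURE_RUN;
    for (size_t i = 0; i < sizeof d->session_key; i++)
        d->session_key[i] = (uint8_t)(0xA0 + i);             /* constructed key */
    for (size_t i = 0; i < sizeof d->scratch; i++)
        d->scratch[i] = d->session_key[i % 16] ^ 0x5A;       /* key-dependent data */
}

/* True if any byte of key material or key-derived data is still resident,
 * i.e. what an observer on the debug port could read back. */
bool secrets_resident(const device_t *d) {
    for (size_t i = 0; i < sizeof d->session_key; i++)
        if (d->session_key[i]) return true;
    for (size_t i = 0; i < sizeof d->scratch; i++)
        if (d->scratch[i]) return true;
    return false;
}

/* Weak transition (the CWE-1272 pattern): the access restrictions change,
 * but the data the new state must not see is left in place. */
void enter_debug_weak(device_t *d) {
    d->state = ST_DEBUG;
    d->debug_port_open = true;
}

/* Hardened transition: clear everything the debug state may not see, and do
 * it BEFORE the port opens, so there is no window where both hold. */
void enter_debug(device_t *d) {
    secure_wipe(d->session_key, sizeof d->session_key);
    secure_wipe(d->scratch, sizeof d->scratch);
    d->state = ST_DEBUG;
    d->debug_port_open = true;
}

int main(void) {
    device_t d;
    provision(&d);
    enter_debug_weak(&d);
    printf("weak transition: secrets resident after debug entry = %d\n", secrets_resident(&d));
    provision(&d);
    enter_debug(&d);
    printf("hardened transition: secrets resident after debug entry = %d\n", secrets_resident(&d));
    return 0;
}
```

The wipe goes through a volatile pointer on purpose: a plain memset on memory that is never read again can be removed by the compiler, which is the software analogue of the incomplete erasure covered by CWE-1301 above. The same ordering applies to a low-power transition: clear first, then change state.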

CVE References

  • CVE-2020-12926
    • Product software does not set a flag as per TPM specifications, thereby preventing a failed authorization attempt from being recorded after a loss of power.

CWE-1274 – Improper Access Control for Volatile Memory Containing Boot Code

Description

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284 (Improper Access Control)

Consequences

Access Control, Integrity: Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity

Potential Mitigations

Phase: Architecture and Design

Description: 

Ensure that the design of the volatile-memory protections is sufficient to prevent modification by an adversary or untrusted code.

Phase: Testing

Description: 

Test the volatile-memory protections to confirm that the copied boot code cannot be modified by an adversary or untrusted code, including through interfaces other than the one being locked.

CVE References

  • CVE-2019-2267
    • Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.