Description
Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values.
Modes of Introduction:
– Implementation
Related Weaknesses
CWE-665
Consequences
Confidentiality, Integrity, Availability, Access Control: Varies by Context
Degradation of system functionality, or loss of access control enforcement can occur.
Potential Mitigations
Phase: Architecture and Design
Description:
During hardware design, all the system parameters and register defaults must be reviewed to identify security sensitive settings.
Phase: Implementation
Description:
The default values of these security sensitive settings need to be defined as part of the design review phase.
Phase: Testing
Description:
Testing phase should use automated tools to test that values are configured per design specifications.
CVE References
