Tag Archives: CWE- 1245

CWE-1245 – Improper Finite State Machines (FSMs) in Hardware Logic

Read Time:30 Second

Description

Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim’s system.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-684

 

Consequences

Availability, Access Control: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Gain Privileges or Assume Identity

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Effectiveness: High

Description: 

Define all possible states and handle all unused states through default statements. Ensure that system defaults to a secure state.

CVE References