CWE-1245

Improper Finite State Machines (FSMs) in Hardware Logic

Base
Incomplete

Description

Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.

The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM.

Common Consequences

Scope: Availability, Access Control

Impact: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Gain Privileges or Assume Identity

Potential Mitigations

Architecture and Design
Implementation

Define all possible states and handle all unused states through default statements. Ensure that the system defaults to a secure state.
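
The mitigation above, shown as an added example in Verilog; it is not part of the CWE entry, and the module, signal and state names are hypothetical. The first module leaves four of the eight encodings of its state register unhandled, and the second routes them to the locked state through a default arm.

```verilog
// Added illustration (constructed): a 3-bit state register with only four
// defined encodings, so 3'b100 through 3'b111 are unused. All names here
// are hypothetical.
module lock_fsm_weak (
    input  wire clk, rst_n, req, auth_ok,
    output wire unlocked
);
    localparam [2:0] LOCKED = 3'b000, CHECK = 3'b001,
                     OPEN   = 3'b010, DENY  = 3'b011;
    reg [2:0] state;
    // No default arm: if the register ever holds an unused encoding,
    // nothing matches, the state never changes, and only reset recovers.
    always @(posedge clk or negedge rst_n) begin
        if (!rst_n) state <= LOCKED;
        else case (state)
            LOCKED: state <= req     ? CHECK : LOCKED;
            CHECK:  state <= auth_ok ? OPEN  : DENY;
            OPEN:   state <= req     ? OPEN  : LOCKED;
            DENY:   state <= LOCKED;
        endcase
    end
    // Partial decode: the unused encoding 3'b110 also reports "unlocked".
    assign unlocked = state[1] & ~state[0];
endmodule

module lock_fsm_hardened (
    input  wire clk, rst_n, req, auth_ok,
    output wire unlocked
);
    localparam [2:0] LOCKED = 3'b000, CHECK = 3'b001,
                     OPEN   = 3'b010, DENY  = 3'b011;
    reg [2:0] state;
    always @(posedge clk or negedge rst_n) begin
        if (!rst_n) state <= LOCKED;
        else case (state)
            LOCKED: state <= req     ? CHECK : LOCKED;
            CHECK:  state <= auth_ok ? OPEN  : DENY;
            OPEN:   state <= req     ? OPEN  : LOCKED;
            DENY:   state <= LOCKED;
            // Every unused encoding returns to the secure (locked) state.
            default: state <= LOCKED;
        endcase
    end
    // Full decode: only the exact OPEN encoding asserts the output.
    assign unlocked = (state == OPEN);
endmodule
```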

Applicable Platforms

Not Language-Specific
