QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-1296

Back to CWE list

CWE-1296

Incorrect Chaining or Granularity of Debug Components

Base
Incomplete

Description

The product's debug components contain incorrect chaining or granularity of debug components.

{"xhtml:p":["For debugging and troubleshooting a chip, several hardware design elements are often implemented, including:","Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could allow unintended access permissions."],"xhtml:ul":[{"xhtml:li":["Various Test Access Ports (TAPs) allow boundary scan commands to be executed.","For scanning the internal components of a chip, there are scan cells that allow the chip to be used as a \"stimulus and response\" mechanism.","Chipmakers might create custom methods to observe the internal components of their chips by placing various tracing hubs within their chip and creating hierarchical or interconnected structures among those hubs."]}]}

Parent Weaknesses (ChildOf)

CWE-284: Improper Access Control...

Common Consequences

Scope

Confidentiality
Integrity
Access Control
Authentication
Authorization
Availability
Accountability

Impact

Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Modify Memory, Modify Files or Directories

Potential Mitigations

Implementation

Ensure that debug components are properly chained and their granularity is maintained at different authentication levels.

CVE-2017-18347

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

CVE-2020-1791

There is an improper authorization vulnerability in several smartphones. The system has a logic-judging error, and, under certain scenarios, a successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode. (Vulnerability ID: HWPSIRT-2019-10114).

Applicable Platforms

Verilog
VHDL
Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now