1. Home
  2. Weaknesses
  3. CWE-1224

CWE-1224: Improper Restriction of Write-Once Bit Fields

ID CWE-1224
Abstraction Base
Structure Simple
Status Incomplete
Number of CVEs 1
Detail CAPEC Dashboard Vulnerabilities Web & Social
The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.

Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to define default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make the settings write-once or "sticky." This allows writing to such registers only once, whereupon they become read-only. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings.

Failure to implement write-once restrictions in hardware design can expose such registers to being re-programmed by software and written multiple times. For example, write-once fields could be implemented to only be write-protected if they have been set to value "1", wherein they would work as "write-1-once" and not "write-once".

Modes of Introduction

Phase Note
Architecture and Design
Implementation Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases.

Applicable Platforms

Type Class Name Prevalence
Language Verilog
Language VHDL
Technology System on Chip

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-284 Improper Access Control Pillar Simple Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-680 Exploitation of Improperly Controlled Registers CWE-1224

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date