CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition
A device or system frequently employs many power and sleep states during its normal operation (e.g., normal power, additional power, low power, hibernate, deep sleep, etc.). A device also may be operating within a debug condition. State transitions can happen from one power or debug state to another. If there is information available in the previous state which should not be available in the next state and is not properly removed before the transition into the next state, sensitive information may leak from the system.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | VHDL | ||
Language | Verilog | ||
Language | Hardware Description Language | ||
Operating_system | Not OS-Specific | ||
Architecture | Not Architecture-Specific | ||
Technology | Not Technology-Specific |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | Base | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.orgCVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |