CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition

ID CWE-1272
Abstraction Base
Structure Simple
Status Stable
Number of CVEs 1
The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.

A device or system frequently employs many power and sleep states during its normal operation (e.g., normal power, additional power, low power, hibernate, deep sleep, etc.). A device also may be operating within a debug condition. State transitions can happen from one power or debug state to another. If there is information available in the previous state which should not be available in the next state and is not properly removed before the transition into the next state, sensitive information may leak from the system.

Modes of Introduction

Phase Note
Architecture and Design

Applicable Platforms

Type Class Name Prevalence
Language VHDL
Language Verilog
Language Hardware Description Language
Operating_system Not OS-Specific
Architecture Not Architecture-Specific
Technology Not Technology-Specific

Relationships

View ID | View Name | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Status
CWE-1000 | Research Concepts | Draft | CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | Base | Simple | Draft
CWE-1000 | Research Concepts | Draft | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

ID | Name | Weaknesses
CAPEC-37 | Retrieve Embedded Sensitive Data | CWE-1272
CAPEC-150 | Collect Data from Common Resource Locations | CWE-1272
CAPEC-545 | Pull Data from System Resources | CWE-1272
CAPEC-546 | Incomplete Data Deletion in a Multi-Tenant Environment | CWE-1272
