CWE-1296: Incorrect Chaining or Granularity of Debug Components
ID
CWE-1296
Abstraction
Base
Structure
Simple
Status
Incomplete
The product's debug components contain incorrect chaining or granularity of debug components.
For debugging and troubleshooting a chip, several hardware design elements are often implemented, including:
- Various Test Access Ports (TAPs) allow boundary scan commands to be executed.
- For scanning the internal components of a chip, there are scan cells that allow the chip to be used as a "stimulus and response" mechanism.
- Chipmakers might create custom methods to observe the internal components of their chips by placing various tracing hubs within their chip and creating hierarchical or interconnected structures among those hubs.
Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could allow unintended access permissions.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Verilog | ||
| Language | VHDL | ||
| Language | Not Language-Specific | ||
| Operating_system | Not OS-Specific | ||
| Architecture | Not Architecture-Specific | ||
| Technology | Processor Hardware | ||
| Technology | Not Technology-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org
Loading...