1. Home
  2. Weaknesses
  3. CWE-1304

CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

ID CWE-1304
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 1
Detail CAPEC Dashboard Vulnerabilities Web & Social
The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.

Before powering down, the Intellectual Property (IP) saves current state (S) to persistent storage such as flash or always-on memory in order to optimize the restore operation. During this process, an attacker with access to the persistent storage may alter (S) to a configuration that could potentially modify privileges, disable protections, and/or cause damage to the hardware. If the IP does not validate the configuration state stored in persistent memory, upon regaining power or becoming operational again, the IP could be compromised through the activation of an unwanted/harmful configuration.

Modes of Introduction

Phase Note
Architecture and Design Weakness introduced via missing internal integrity guarantees during power save/restore
Integration Weakness introduced via missing external integrity verification during power save/restore

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Operating_system Not OS-Specific
Architecture Not Architecture-Specific
Technology Not Technology-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-284 Improper Access Control Pillar Simple Incomplete
CWE-1000 Research Concepts Draft CWE-345 Insufficient Verification of Data Authenticity Class Simple Draft
CWE-1194 Hardware Design Draft CWE-1271 Uninitialized Value on Reset for Registers Holding Security Settings Base Simple Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-176 Configuration/Environment Manipulation CWE-1304

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date