CWE-1192: Improper Identifier for IP Block used in System-On-Chip (SOC)
The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.
Last updated
Overview
A System-on-Chip (SoC) comprises several components (IP) with varied trust requirements. It is required that each IP is identified uniquely and should distinguish itself from other entities in the SoC without any ambiguity. The unique secured identity is required for various purposes. Most of the time the identity is used to route a transaction or perform certain actions, including resetting, retrieving a sensitive information, and acting upon or on behalf of something else. There are several variants of this weakness: A "missing" identifier is when the SoC does not define any mechanism to uniquely identify the IP. An "insufficient" identifier might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. A "misconfigured" mechanism occurs when a mechanism is available but not implemented correctly. An "ignored" identifier occurs when the SoC/IP has not applied any policies or does not act upon the identifier securely.
Common consequences
What can happen when CWE-1192 is exploited.
Bypass Protection Mechanism
Affects: Access Control
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1192, grouped by where in the lifecycle they apply.
Every identity generated in the SoC should be unique and immutable in hardware. The actions that an IP is trusted or not trusted should be clearly defined, implemented, configured, and tested. If the definition is implemented via a policy, then the policy should be immutable or protected with clear authentication and authorization.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1192.
- What is CWE-1192?
- The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.
- How do you prevent CWE-1192?
- Every identity generated in the SoC should be unique and immutable in hardware. The actions that an IP is trusted or not trusted should be clearly defined, implemented, configured, and tested. If the definition is implemented via a policy, then the policy should be immutable or protected with clear authentication and authorization.
- What are the consequences of CWE-1192?
- Exploiting CWE-1192 can lead to: Bypass Protection Mechanism.
References
- MITRE CWE definition (CWE-1192) (opens in a new tab)
- CWE-1192 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1192
Get alerted the moment a new CWE-1192 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.