CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic

Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM.

CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Attack patterns

Frequently asked questions

What is CWE-1245?

What CVEs are caused by CWE-1245?

How do you prevent CWE-1245?

What are the consequences of CWE-1245?

Is CWE-1245 actively exploited?

References

Stay ahead of CWE-1245

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-1245?

What CVEs are caused by CWE-1245?

How do you prevent CWE-1245?

What are the consequences of CWE-1245?

Is CWE-1245 actively exploited?

References

Stay ahead of CWE-1245