CWE-1294: Insecure Security Identifier Mechanism

The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

Systems-On-Chip (Integrated circuits and hardware engines) implement Security Identifiers to differentiate/identify actions originated from various agents. These actions could be 'read', 'write', 'program', 'reset', 'fetch', 'compute', etc. Security identifiers are generated and assigned to every agent in the System (SoC) that is either capable of generating an action or receiving an action from another agent. Every agent could be assigned a unique, Security Identifier based on its trust level or privileges. A broad class of flaws can exist in the Security Identifier process, including but not limited to missing security identifiers, improper conversion of security identifiers, incorrect generation of security identifiers, etc.

CWE-1294: Insecure Security Identifier Mechanism

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Attack patterns

Frequently asked questions

What is CWE-1294?

How do you prevent CWE-1294?

What are the consequences of CWE-1294?

References

Stay ahead of CWE-1294

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Related weaknesses

Parent

Child

Attack patterns

Frequently asked questions

What is CWE-1294?

How do you prevent CWE-1294?

What are the consequences of CWE-1294?

References

Stay ahead of CWE-1294