CWE-1294: Insecure Security Identifier Mechanism
The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.
Last updated
Overview
Systems-On-Chip (Integrated circuits and hardware engines) implement Security Identifiers to differentiate/identify actions originated from various agents. These actions could be 'read', 'write', 'program', 'reset', 'fetch', 'compute', etc. Security identifiers are generated and assigned to every agent in the System (SoC) that is either capable of generating an action or receiving an action from another agent. Every agent could be assigned a unique, Security Identifier based on its trust level or privileges. A broad class of flaws can exist in the Security Identifier process, including but not limited to missing security identifiers, improper conversion of security identifiers, incorrect generation of security identifiers, etc.
Common consequences
What can happen when CWE-1294 is exploited.
Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality Degradation
Affects: Confidentiality, Integrity, Availability, Access Control
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1294, grouped by where in the lifecycle they apply.
Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses.
Access and programming flows must be tested in pre-silicon and post-silicon testing.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1294.
- What is CWE-1294?
- The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.
- How do you prevent CWE-1294?
- Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses.
- What are the consequences of CWE-1294?
- Exploiting CWE-1294 can lead to: Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality Degradation.
References
- MITRE CWE definition (CWE-1294) (opens in a new tab)
- CWE-1294 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1294
Get alerted the moment a new CWE-1294 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.