CWE-1300: Improper Protection of Physical Side Channels
The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.
Last updated
Overview
An adversary could monitor and measure physical phenomena to detect patterns and make inferences, even if it is not possible to extract the information in the digital domain. Physical side channels have been well-studied for decades in the context of breaking implementations of cryptographic algorithms or other attacks against security features. These side channels may be easily observed by an adversary with physical access to the device, or using a tool that is in close proximity. If the adversary can monitor hardware operation and correlate its data processing with power, EME, and acoustic measurements, the adversary might be able to recover of secret keys and data.
Real-world CVEs
10 recorded CVEs are caused by CWE-1300 (Improper Protection of Physical Side Channels). The highest-severity and most recent are shown first. 9 new CWE-1300 CVEs have been recorded so far in 2026.
- CVE-2026-11153Critical · CVSS 9.1 · EPSS 18th2026-06-04
- CVE-2023-6258
Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths
High · CVSS 8.1 · EPSS 43th2024-01-30 - CVE-2026-14074Medium · CVSS 6.5 · EPSS 20th2026-06-30
- CVE-2026-14071Medium · CVSS 6.5 · EPSS 14th2026-06-30
- CVE-2026-13935Medium · CVSS 6.5 · EPSS 22th2026-06-30
- CVE-2026-13809Medium · CVSS 6.5 · EPSS 20th2026-06-30
- CVE-2026-11284Medium · CVSS 6.5 · EPSS 15th2026-06-04
- CVE-2026-5876Medium · CVSS 6.5 · EPSS 16th2026-04-08
- CVE-2026-6923
Nuvoton - CWE-1300: Improper Protection of Physical Side Channels
Low · CVSS 3.8 · EPSS 2th2026-05-14 - CVE-2026-0115Low · CVSS 2.1 · EPSS 1th2026-03-10
Common consequences
What can happen when CWE-1300 is exploited.
Read Memory, Read Application Data
Affects: Confidentiality
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-1300, grouped by where in the lifecycle they apply.
Apply blinding or masking techniques to implementations of cryptographic algorithms.
Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel.
How to detect it
Manual Analysis
Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230]. TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].
Effectiveness: Moderate
Manual Analysis
Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code.
Effectiveness: Moderate
Manual Analysis
Pre-silicon - while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces and countermeasures applied before tape-out. Academic research in this field includes [REF-1231] [REF-1232] [REF-1233].
Effectiveness: Moderate
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Consider a device that checks a passcode to unlock the screen.
PIN numbers used to unlock a cell phone should not exhibit any characteristics about themselves. This creates a side channel. An attacker could monitor the pulses using an oscilloscope or other method. Once the first character is correctly guessed (based on the oscilloscope readings), they can then move to the next character, which is much more efficient than the brute force method of guessing every possible sequence of characters.
Consider the device vulnerability CVE-2021-3011, which affects certain microcontrollers [REF-1221]. The Google Titan Security Key is used for two-factor authentication using cryptographic algorithms. The device uses an internal secret key for this purpose and exchanges information based on this key for the authentication. If this internal secret key and the encryption algorithm were known to an adversary, the key function could be duplicated, allowing the adversary to masquerade as the legitimate user.
The code snippet provided here is part of the modular exponentiation module found in the HACK@DAC'21 Openpiton System-on-Chip (SoC), specifically within the RSA peripheral [REF-1368]. Modular exponentiation, denoted as "a^b mod n," is a crucial operation in the RSA public/private key encryption. In RSA encryption, where 'c' represents ciphertext, 'm' stands for a message, and 'd' corresponds to the private key, the decryption process is carried out using this modular exponentiation as follows: m = c^d mod n, where 'n' is the result of multiplying two large prime numbers.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2022-35888 — Power side-channels leak secret information from processor
- CVE-2021-3011 — electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key
- CVE-2019-14353 — Crypto hardware wallet's power consumption relates to total number of pixels illuminated, creating a side channel in the USB connection that allows attackers to determine secrets displayed such as PIN numbers and passwords
- CVE-2020-27211 — Chain: microcontroller system-on-chip contains uses a register value stored in flash to set product protection state on the memory bus but does not contain protection against fault injection (CWE-1319), which leads to an incorrect initialization of the memory bus (CWE-1419) leading the product to be in an unprotected state.
- CVE-2013-4576 — message encryption software uses certain instruction sequences that allows RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis
- CVE-2020-28368 — virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.
- CVE-2019-18673 — power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1300.
- What is CWE-1300?
- The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.
- What CVEs are caused by CWE-1300?
- 10 recorded CVEs are attributed to CWE-1300, including CVE-2026-11153, CVE-2023-6258, CVE-2026-14074.
- How do you prevent CWE-1300?
- Apply blinding or masking techniques to implementations of cryptographic algorithms.
- How is CWE-1300 detected?
- Manual Analysis: Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230]. TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].
- What are the consequences of CWE-1300?
- Exploiting CWE-1300 can lead to: Read Memory, Read Application Data.
- Is CWE-1300 actively exploited?
- 10 recorded CVEs are caused by CWE-1300; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1300) (opens in a new tab)
- CWE-1300 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1300
Get alerted the moment a new CWE-1300 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.