CWE-1313: Hardware Allows Activation of Test or Debug Logic at Runtime

During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

An adversary can take advantage of test or debug logic that is made accessible through the hardware during normal operation to modify the intended behavior of the system. For example, an accessible Test/debug mode may allow read/write access to any system data. Using error injection (a common test/debug feature) during a transmit/receive operation on a bus, data may be modified to produce an unintended message. Similarly, confidentiality could be compromised by such features allowing access to secrets.

CWE-1313: Hardware Allows Activation of Test or Debug Logic at Runtime

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Illustrative examples

Attack patterns

Frequently asked questions

What is CWE-1313?

What CVEs are caused by CWE-1313?

How do you prevent CWE-1313?

What are the consequences of CWE-1313?

Is CWE-1313 actively exploited?

References

Stay ahead of CWE-1313

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Illustrative examples

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-1313?

What CVEs are caused by CWE-1313?

How do you prevent CWE-1313?

What are the consequences of CWE-1313?

Is CWE-1313 actively exploited?

References

Stay ahead of CWE-1313