General Circuit and Logic Design Concerns
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to hardware-circuit design and logic (e.g., CMOS transistors, finite state machines, and registers) as well as issues related to hardware description languages such as System Verilog and VHDL.
The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any funct...
System configuration protection may be bypassed during debug mode.
A race condition in the hardware logic results in undermining security guarantees of the system.
Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privile...
The hardware logic does not effectively handle when single-event upsets (SEUs) occur.
The product implements a register lock bit protection feature that permits security sensitive controls to modify the protected configuration.
The product incorrectly implements register lock bit protection features such that protected controls can be programmed even after the lock has been set.
Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power...
The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.
The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one...
Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values.
The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition ...
This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...