Debug and Test Problems
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to hardware debug and test interfaces such as JTAG and scan chain.
The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
The chip does not implement or does not correctly check whether users are authorized to access internal registers.
The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.
During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the ...
System configuration protection may be bypassed during debug mode.
The product's physical debug and test interface protection does not block untrusted agents, resulting in unauthorized access to and potentially control of sensitive as...
Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted ag...
The product's debug components contain incorrect chaining or granularity of debug components.
The same public key is used for signing both debug and production code.
Sensitive information in clear text on the JTAG interface may be examined by an eavesdropper, e.g. by placing a probe device on the int...
Sensitive information may leak as a result of a debug or power state transition when information access restrictions change as a result of the transition.
Access to security-sensitive information stored in fuses is not limited during debug.
This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...