Power, Clock, Thermal, and Reset Concerns

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to system power, voltage, current, temperature, clocks, system state saving/restoring, and resets at the platform and SoC level.

Weaknesses

Comparison Logic is Vulnerable to Power Side-Channel Attacks

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the referenc...

Improper Handling of Faults that Lead to Instruction Skips

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

Improper Lock Behavior After Power State Transition

Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power...

Improper Protection Against Voltage and Clock Glitches

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive informatio...

Improper Protection for Outbound Error Messages and Alert Signals

Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.

Improper Protections Against Hardware Overheating

A hardware device is missing or has inadequate protection features to prevent overheating.

Improper Restriction of Software Interfaces to Hardware Features

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functional...

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or ...

Missing Write Protection for Parametric Data Values

The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and...

Semiconductor Defects in Hardware Logic with Security-Sensitive Implications

The security-sensitive hardware module contains semiconductor defects.

Uninitialized Value on Reset for Registers Holding Security Settings

Security-critical logic is not set to a known value on reset.

Concepts

Hardware Design

This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.