CWE-1253

Incorrect Selection of Fuse Values

AI Translation Available

The logic level used to set a system to a secure state relies on a fuse being unblown.

Status

draft

Abstraction

base

Affected Platforms

Extended Description

AI Translation

Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0.

Technical Details

AI Translation

Common Consequences

access control authorization availability confidentiality integrity

Impacts

execute unauthorized code or commands bypass protection mechanism gain privileges or assume identity dos: crash, exit, or restart read memory modify memory

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.

AI Generated Translation

Common Consequences

controllo degli accessi autorizzazione disponibilità riservatezza integrità

Impacts

eseguire codice o comandi non autorizzati elusione del meccanismo di protezione ottenere privilegi o assumere identità dos: crash, uscita o riavvio leggere memoria modificare memoria

Potential Mitigations

Phases:

architettura e design

Descriptions:

• La logica dovrebbe essere progettata in modo che i fusibili bruciati non mettano il prodotto in uno stato insicuro che possa essere sfruttato da un attaccante.

CWE-1253

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter