CWE-1296
Incorrect Chaining or Granularity of Debug Components
Incomplete
2020-08-20
00h00 +00:00
00h00 +00:00
2023-06-29
00h00 +00:00
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Incorrect Chaining or Granularity of Debug Components
The product's debug components contain incorrect chaining or granularity of debug components.
CWE Description
For debugging and troubleshooting a chip, several hardware design elements are often implemented, including:
- Various Test Access Ports (TAPs) allow boundary scan commands to be executed.
- For scanning the internal components of a chip, there are scan cells that allow the chip to be used as a "stimulus and response" mechanism.
- Chipmakers might create custom methods to observe the internal components of their chips by placing various tracing hubs within their chip and creating hierarchical or interconnected structures among those hubs.
Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could allow unintended access permissions.
General Informations
Modes Of Introduction
ImplementationApplicable Platforms
Language
Name: Verilog (Undetermined)Name: VHDL (Undetermined)
Class: Not Language-Specific (Undetermined)
Operating Systems
Class: Not OS-Specific (Undetermined)Architectures
Class: Not Architecture-Specific (Undetermined)Technologies
Name: Processor Hardware (Undetermined)Class: Not Technology-Specific (Undetermined)
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Confidentiality Integrity Access Control Authentication Authorization Availability Accountability | Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Modify Memory, Modify Files or Directories Note: Depending on the access to debug component(s) erroneously granted, an attacker could use the debug component to gain additional understanding about the system to further an attack and/or execute other commands. This could compromise any security property, including the ones listed above. | Medium |
Observed Examples
| References | Description |
|---|---|
CVE-2017-18347 | Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection. |
CVE-2020-1791 | There is an improper authorization vulnerability in several smartphones. The system has a logic-judging error, and, under certain scenarios, a successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode. (Vulnerability ID: HWPSIRT-2019-10114). |
Potential Mitigations
Phases : ImplementationEnsure that debug components are properly chained and their granularity is maintained at different authentication levels.
Detection Methods
Architecture or Design Review
Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.Effectiveness : High
Dynamic Analysis with Manual Results Interpretation
Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.Effectiveness : High
Vulnerability Mapping Notes
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-121 | Exploit Non-Production Interfaces An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable. |
| CAPEC-702 | Exploiting Incorrect Chaining or Granularity of Hardware Debug Components An adversary exploits incorrect chaining or granularity of hardware debug components in order to gain unauthorized access to debug functionality on a chip. This happens when authorization is not checked on a per function basis and is assumed for a chain or group of debug functionality. |
NotesNotes
This entry is still under development and will continue to see updates and content improvements.Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna | Intel Corporation | 4.2 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.