CWE-1253: Incorrect Selection of Fuse Values

BaseDraft

The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.

View on MITRE
Back to CWE Lookup

Extended Description

Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms
Not OS-Specific

Frequently Asked Questions

What is CWE-1253: Incorrect Selection of Fuse Values?+

CWE-1253: Incorrect Selection of Fuse Values is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse. Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.

What are the security consequences of Incorrect Selection of Fuse Values?+

If exploited, CWE-1253 (Incorrect Selection of Fuse Values) it can compromise Access Control, Authorization, Availability, Confidentiality and Integrity, leading to outcomes such as Bypass Protection Mechanism, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, Read Memory, Modify Memory and Execute Unauthorized Code or Commands.

How do you prevent or mitigate Incorrect Selection of Fuse Values?+

Recommended mitigations for CWE-1253 include: Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.

Which programming languages are affected by Incorrect Selection of Fuse Values?+

CWE-1253 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-1253 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More

CWE-1253: Incorrect Selection of Fuse Values | CWE Lookup | InventiveHQ