The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
View on MITREFuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.
Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
No relationship information available for this CWE.
CWE-1253: Incorrect Selection of Fuse Values is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse. Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.
If exploited, CWE-1253 (Incorrect Selection of Fuse Values) it can compromise Access Control, Authorization, Availability, Confidentiality and Integrity, leading to outcomes such as Bypass Protection Mechanism, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, Read Memory, Modify Memory and Execute Unauthorized Code or Commands.
Recommended mitigations for CWE-1253 include: Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.
CWE-1253 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-1253 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.