CWE-1262: Improper Access Control for Register Interface

BaseStable

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

View on MITRE
Back to CWE Lookup

Extended Description

Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms
Not OS-Specific

Frequently Asked Questions

What is CWE-1262: Improper Access Control for Register Interface?+

CWE-1262: Improper Access Control for Register Interface is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers. Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity.

What are the security consequences of Improper Access Control for Register Interface?+

If exploited, CWE-1262 (Improper Access Control for Register Interface) it can compromise Confidentiality and Integrity, leading to outcomes such as Read Memory, Read Application Data, Modify Memory, Modify Application Data, Gain Privileges or Assume Identity and Bypass Protection Mechanism.

How do you prevent or mitigate Improper Access Control for Register Interface?+

Recommended mitigations for CWE-1262 include: Design proper policies for hardware register access from software. Ensure that access control policies for register access are implemented in accordance with the specified design.

How is Improper Access Control for Register Interface detected?+

CWE-1262 can be detected using Manual Analysis, Simulation / Emulation, Formal Verification, Automated Analysis, Architecture or Design Review and Fuzzing. Combining automated tooling with manual review typically yields the best coverage.

Which programming languages are affected by Improper Access Control for Register Interface?+

CWE-1262 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Improper Access Control for Register Interface?+

MITRE documents real CVEs mapped to CWE-1262, including CVE-2014-2915, CVE-2021-3011, CVE-2020-12446 and CVE-2015-2150. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-1262 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More