CWE-1313: Hardware Allows Activation of Test or Debug Logic at Runtime

BaseDraft

During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.

View on MITRE

Back to CWE Lookup

Extended Description

An adversary can take advantage of test or debug logic that is made accessible through the hardware during normal operation to modify the intended behavior of the system. For example, an accessible Test/debug mode may allow read/write access to any system data. Using error injection (a common test/debug feature) during a transmit/receive operation on a bus, data may be modified to produce an unintended message. Similarly, confidentiality could be compromised by such features allowing access to secrets.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Not OS-Specific

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-1313

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references