CWE-1221: Incorrect Register Defaults or Module Parameters
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
Hardware description language code incorrectly defines register defaults or hardware Intellectual Property (IP) parameters to insecure values.
常见后果
影响范围: Confidentiality Integrity Availability Access Control
技术影响: Varies by Context
说明: Degradation of system functionality, or loss of access control enforcement can occur.
潜在缓解措施
阶段: Architecture and Design
描述: During hardware design, all the system parameters and register defaults must be reviewed to identify security sensitive settings.
阶段: Implementation
描述: The default values of these security sensitive settings need to be defined as part of the design review phase.
阶段: Testing
描述: Testing phase should use automated tools to test that values are configured per design specifications.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases. |