CWE-1294: Insecure Security Identifier Mechanism

Class Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.

常见后果

影响范围: Confidentiality Integrity Availability Access Control

技术影响: Modify Memory Read Memory DoS: Resource Consumption (Other) Execute Unauthorized Code or Commands Gain Privileges or Assume Identity Quality Degradation

潜在缓解措施

阶段: Architecture and Design

描述: Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses.

阶段: Implementation

描述: Access and programming flows must be tested in pre-silicon and post-silicon testing.

引入模式

阶段	说明
Architecture and Design	Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases.
Implementation	Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases.

适用平台

编程语言

Not Language-Specific (Undetermined)

操作系统

Not OS-Specific (Undetermined)

技术

Bus/Interface Hardware (Undetermined) Not Technology-Specific (Undetermined)

关键信息

CWE ID: CWE-1294

抽象级别: Class

结构: Simple

状态: Incomplete

CWE-1294: Insecure Security Identifier Mechanism

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

相关攻击模式

CWE-1294: Insecure Security Identifier Mechanism

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

ChildOf CWE-284

相关攻击模式