CWE-1297: Unprotected Confidential Information on Device is Accessible by OSAT Vendors

Base Incomplete Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.

Common Consequences

Scope: Confidentiality, Integrity, Access Control, Authentication, Authorization, Availability, Accountability, Non-Repudiation

Technical Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism; Execute Unauthorized Code or Commands; Modify Memory; Modify Files or Directories

Note: The impact depends on the confidential information itself and who is inadvertently granted access. For example, if the confidential information is a key that can unlock all the parts of a generation, the impact could be severe.

Potential Mitigations

Phase: Architecture and Design

Effectiveness: Moderate

Detection Methods

Method: Architecture or Design Review

Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.

Effectiveness: High

Method: Dynamic Analysis with Manual Results Interpretation

Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.

Effectiveness: Moderate

Modes of Introduction

Phase Note
Implementation -

Applicable Platforms

Languages
Verilog (Undetermined), VHDL (Undetermined), Not Language-Specific (Undetermined)
Operating Systems
Not OS-Specific (Undetermined)
Technologies
Processor Hardware (Undetermined), Not Technology-Specific (Undetermined)
Key Information

CWE ID: CWE-1297

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses
Related Attack Patterns
CAPEC-1, CAPEC-180