CWE-1302: Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.

常见后果

影响范围: Confidentiality Integrity Availability Access Control

技术影响: Modify Memory Read Memory DoS: Crash, Exit, or Restart Bypass Protection Mechanism Execute Unauthorized Code or Commands

潜在缓解措施

阶段: Architecture and Design

描述: Transaction details must be reviewed for design inconsistency and common weaknesses.

阶段: Implementation

描述: Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing.

引入模式

阶段	说明
Architecture and Design	Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.
Implementation	Such issues could be introduced during implementation and identified later during Testing or System Configuration phases.

适用平台

编程语言

Not Language-Specific (Undetermined)

操作系统

Not OS-Specific (Undetermined)

技术

Not Technology-Specific (Undetermined)

关键信息

CWE ID: CWE-1302

抽象级别: Base

结构: Simple

状态: Incomplete

CWE-1302: Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

相关攻击模式

CWE-1302: Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

ChildOf CWE-1294

相关攻击模式