{"@ID": "1334", "@Name": "Unauthorized Error Injection Can Degrade Hardware Redundancy", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.", "Extended_Description": {"xhtml:p": "To ensure the performance and functional reliability of certain components, hardware designers can implement hardware blocks for redundancy in the case that others fail. This redundant block can be prevented from performing as intended if the design allows unauthorized agents to inject errors into it. In this way, a path with injected errors may become unavailable to serve as a redundant channel. This may put the system into a degraded mode of operation which could be exploited by a subsequent attack."}, "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "284", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Operating_System": {"@Class": "Not OS-Specific", "@Prevalence": "Undetermined"}, "Architecture": {"@Class": "Not Architecture-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design", "Note": "Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."}, {"Phase": "Implementation", "Note": "Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}, {"Phase": "Integration", "Note": "Such issues could be introduced during integration and identified later during Testing or System Configuration phases."}]}, "Common_Consequences": {"Consequence": {"Scope": ["Integrity", "Availability"], "Impact": ["DoS: Crash, Exit, or Restart", "DoS: Instability", "Quality Degradation", "DoS: Resource Consumption (CPU)", "DoS: Resource Consumption (Memory)", "DoS: Resource Consumption (Other)", "Reduce Performance", "Reduce Reliability", "Unexpected State"]}}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Architecture and Design", "Description": "Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors."}, {"Phase": "Implementation", "Description": "Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors."}, {"Phase": "Integration", "Description": "Add an access control layer atop any unprotected interfaces for injecting errors."}]}, "Related_Attack_Patterns": {"Related_Attack_Pattern": [{"@CAPEC_ID": "624"}, {"@CAPEC_ID": "625"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "James Pangburn", "Submission_Organization": "Accellera IP Security Assurance (IPSA) Working Group", "Submission_Date": "2020-07-29", "Submission_Version": "4.3", "Submission_ReleaseDate": "2020-12-10"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Weakness_Ordinalities"}]}}
