
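CWE-1314 Vulnerability List (1)

Summary of the 1 CVE vulnerability associated with weakness CWE-1314, with AI analysis in Chinese.

CWE-1314 refers to missing write protection for parametric data values and is a configuration-error class of vulnerability. Attackers typically exploit unprotected sensor scaling parameters, tampering with the data to manipulate hardware readings so that the device operates outside its design limits, which in turn causes hardware damage or operational failure. Developers should avoid this risk by ensuring that critical sensor thresholds are strictly locked by hardware fuses or trusted software, and by enforcing strict access control so that untrusted software cannot modify these critical parameters.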

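MITRE CWE Official Description
CWE: CWE-1314 Missing Write Protection for Parametric Data Values
The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.
Various sensors are used by hardware to detect any devices operating outside of the design limits. The threshold limit values are set by hardware fuses or trusted software such as the BIOS. These limits may be related to thermal, power, voltage, current, and frequency. Hardware mechanisms may be used to protect against alteration of the threshold limit values by untrusted software. The limit values are generally programmed in standard units for the type of value being read. However, the hardware sensor blocks may report the settings in different units depending upon sensor design and operation. The raw sensor output value is converted to the desired units using a scale conversion based on the parametric data programmed into the sensor. The final converted value is then compared with the previously programmed limits. While the limit values are usually protected, the sensor parametric data values may not be. By changing the parametric data, safe operational limits may be bypassed.
Common Consequences (1)
Availability: Quality Degradation, DoS: Resource Consumption (Other)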
Sensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service.
Mitigations (1)
Architecture and Design: Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.
Effectiveness: High
Code Examples (1)
Malicious software executes instructions to increase power consumption to the highest possible level while causing the clock frequency to increase to its maximum value. Such a program executing for an extended period of time would likely overheat the device, possibly resulting in permanent damage to the device. A ring-oscillator-based temperature sensor will generally report the sensed val…
The sensor frequency value is scaled by applying the function: Sensed Temp = a + b * Sensor Freq, where a and b are the programmable calibration data coefficients. Software sets a and b to zero, ensuring the sensed temperature is always zero.
Bad · Other
The sensor frequency value is scaled by applying the function: Sensed Temp = a + b * Sensor Freq, where a and b are the programmable calibration data coefficients. Untrusted software is prevented from changing the values of either a or b, preventing this method of manipulating the temperature.
Good · Other
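The Bad and Good variants above, modeled in C as an added example (not MITRE's or this site's code). The register layout, the lock flag, the function names and the calibration constants are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical thermal sensor block; all values below are constructed. */
typedef struct {
    int32_t a;            /* calibration offset, milli-degC          */
    int32_t b;            /* calibration slope, milli-degC per MHz   */
    int32_t limit_mc;     /* trip threshold, milli-degC (protected)  */
    bool    cal_locked;   /* lock bit set once by trusted firmware   */
    bool    enforce_lock; /* false = Bad design, true = Good design  */
} sensor_block;

/* Trusted boot firmware programs the limit and coefficients, then locks. */
void fw_init(sensor_block *s, bool enforce_lock) {
    s->a = -40000;
    s->b = 100;
    s->limit_mc = 100000;
    s->enforce_lock = enforce_lock;
    s->cal_locked = true;
}

/* Register write path reachable by untrusted software.
 * Returns true only if the write actually changed the coefficients. */
bool write_cal(sensor_block *s, int32_t a, int32_t b) {
    if (s->enforce_lock && s->cal_locked)
        return false;                 /* Good: write is dropped */
    s->a = a;
    s->b = b;                         /* Bad: scaling is now attacker-chosen */
    return true;
}

/* Sensed Temp = a + b * Sensor Freq */
int32_t sensed_temp_mc(const sensor_block *s, int32_t freq_mhz) {
    return s->a + s->b * freq_mhz;
}

bool thermal_trip(const sensor_block *s, int32_t freq_mhz) {
    return sensed_temp_mc(s, freq_mhz) >= s->limit_mc;
}

/* Does the over-temperature trip still fire after a = b = 0 is written? */
bool trip_survives_zeroing(bool enforce_lock) {
    sensor_block s;
    fw_init(&s, enforce_lock);
    write_cal(&s, 0, 0);
    return thermal_trip(&s, 1500);    /* 1500 MHz reads as 110 degC when calibrated */
}

int main(void) {
    printf("bad=%d good=%d\n", trip_survives_zeroing(false), trip_survives_zeroing(true));
    return 0;
}
```

The threshold itself is never touched in either run, which is why protecting only the limit register does not keep the trip check meaningful.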
CVE ID | Title | CVSS | Risk Level | Published
CVE-2026-40188 | goshs security vulnerability — goshs | 7.7 | High | 2026-04-10

CWE-1314 is a common weakness category; this platform lists 1 CVE vulnerability associated with this weakness.