CWE-1320 — Vulnerability Class (6)

6 vulnerabilities classified as CWE-1320.

CWE-1320 represents a critical weakness where untrusted agents can disable alerts regarding signal conditions exceeding safe operational limits or bypass the mechanisms designed to handle such alerts. This vulnerability typically arises in hardware systems where sensors monitor device performance against thresholds defined by hardware fuses or trusted software like the BIOS. Attackers exploit this flaw by manipulating these threshold values or interfering with the alert response logic, potentially allowing the device to operate in unsafe states without triggering necessary warnings or shutdowns. To mitigate this risk, developers must implement robust hardware-enforced protections that prevent unauthorized modification of critical limit settings. Additionally, employing redundant monitoring systems and ensuring that alert mechanisms are isolated from untrusted control paths helps maintain system integrity and ensures that safety signals remain active and reliable during critical fault conditions.

MITRE CWE Description
Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts. Hardware sensors are used to detect whether a device is operating within design limits. The threshold values for these limits are set by hardware fuses or trusted software such as a BIOS. Modification of these limits may be protected by hardware mechanisms. When device sensors detect out of bound conditions, alert signals may be generated for remedial action, which may take the form of device shutdown or throttling. Warning signals that are not properly secured may be disabled or used to generate spurious alerts, causing degraded performance or denial-of-service (DoS). These alerts may be masked by untrusted software. Examples of these alerts involve thermal and power sensor alerts.
Common Consequences (1)
Availability: DoS: Instability; DoS: Crash, Exit, or Restart; Reduce Reliability; Unexpected State
Mitigations (1)
Architecture and Design: Alert signals generated by critical events should be protected from access by untrusted agents. Only hardware or trusted firmware modules should be able to alter the alert configuration.
Examples (1)
Consider a platform design where a Digital-Thermal Sensor (DTS) is used to monitor temperature and compare that output against a threshold value. If the temperature output equals or exceeds the threshold value, the DTS unit sends an alert signal to the processor. The processor, upon getting the alert input, triggers system shutdown. The alert signal is handled as a General-Purpose-I/O (GPIO…
Bad · Other: The processor-GPIO controller exposes software-programmable controls that allow untrusted software to reprogram the state of the GPIO pin.
Good · Other: The GPIO alert-signal pin is blocked from untrusted software access and is controlled only by trusted software, such as the System BIOS.
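The DTS/GPIO example above can be modelled in a few lines of C. This is an added illustration, not MITRE's or any vendor's code; the register layout, agent identifiers, pin number and temperature values are all hypothetical and constructed for the model.

```c
/* Added illustration: software model of the DTS/GPIO example. All names
 * (agent_t, gpio_ctrl, ALERT_PIN, ...) are hypothetical, not a real controller. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { AGENT_TRUSTED_FW, AGENT_UNTRUSTED_SW } agent_t;

#define ALERT_PIN 3u            /* constructed: pin carrying the DTS alert */

struct gpio_ctrl {
    uint32_t input_en;          /* bit n = 1: pin n is in input mode */
    uint32_t fw_only;           /* bit n = 1: only trusted firmware may reconfigure pin n */
};

/* Register-write path: returns true if the write was accepted. */
bool gpio_set_mode(struct gpio_ctrl *g, agent_t who, unsigned pin, bool input)
{
    uint32_t bit = 1u << pin;
    if ((g->fw_only & bit) && who != AGENT_TRUSTED_FW)
        return false;           /* write from an untrusted agent is dropped */
    g->input_en = input ? (g->input_en | bit) : (g->input_en & ~bit);
    return true;
}

/* The processor only sees the alert while the pin is still an input. */
bool shutdown_triggered(const struct gpio_ctrl *g, int temp_c, int threshold_c)
{
    bool dts_alert = temp_c >= threshold_c;   /* "equals or exceeds" per the text */
    return dts_alert && (g->input_en & (1u << ALERT_PIN));
}

/* Scenario: untrusted software tries to reprogram the alert pin, then the
 * temperature crosses the threshold. Returns whether shutdown still fires. */
bool scenario(bool protect_alert_pin)
{
    struct gpio_ctrl g = { .input_en = 1u << ALERT_PIN,
                           .fw_only  = protect_alert_pin ? 1u << ALERT_PIN : 0 };
    gpio_set_mode(&g, AGENT_UNTRUSTED_SW, ALERT_PIN, false);
    return shutdown_triggered(&g, 105, 100);
}

int main(void)
{
    printf("bad design:  shutdown=%d\n", scenario(false));
    printf("good design: shutdown=%d\n", scenario(true));
    return 0;
}
```

In the unprotected configuration the over-temperature condition no longer reaches the processor; with the pin restricted to trusted firmware, the rejected write is also a useful event to log.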
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-5635 | User Enumeration in ArslanSoft's Education Portal — Education Portal | 7.5 | High | 2023-12-01 |
| CVE-2023-5443 | User Enumeration in EDM Informatic's E-Invoice Software — E-invoice | 7.5 | High | 2023-10-27 |
| CVE-2023-5570 | User Enumeration in Inohom's Home Manager Gateway — Home Manager Gateway | 7.5 | High | 2023-10-27 |
| CVE-2023-1014 | Information disclosure in Vira-Investing — Vira-Investing | 7.5 | High | 2023-03-30 |
| CVE-2023-0839 | Improper Error Handling in inSCADA — inSCADA | 9.8 | Critical | 2023-03-06 |
| CVE-2022-2319 | xorg-x11-server security vulnerability — xorg-x11-server | 7.8 | - | 2022-09-01 |

Vulnerabilities classified as CWE-1320 represent 6 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.