{"@ID": "1245", "@Name": "Improper Finite State Machines (FSMs) in Hardware Logic", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Incomplete", "Description": "Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.", "Extended_Description": {"xhtml:p": "The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM."}, "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "684", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Resultant"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Operating_System": {"@Class": "Not OS-Specific", "@Prevalence": "Undetermined"}, "Architecture": {"@Class": "Not Architecture-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "System on Chip", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design"}, {"Phase": "Implementation"}]}, "Common_Consequences": {"Consequence": {"Scope": ["Availability", "Access Control"], "Impact": ["Unexpected State", "DoS: Crash, Exit, or Restart", "DoS: Instability", "Gain Privileges or Assume Identity"], "Note": "Faulty FSM designs that do not account for all states, either through undefined states (left as don't cares) or through incorrect implementation, might lead an attacker to drive the system into an unstable state from which the system cannot recover without a reset, thus causing a DoS. Depending on what the FSM is used for, an attacker might also gain additional privileges to launch further attacks and compromise the security guarantees."}}, "Potential_Mitigations": {"Mitigation": {"Phase": ["Architecture and Design", "Implementation"], "Description": "Define all possible states and handle all unused states through default statements. Ensure that system defaults to a secure state.", "Effectiveness": "High"}}, "Demonstrative_Examples": {"Demonstrative_Example": {"@Demonstrative_Example_ID": "DX-152", "Intro_Text": "The Finite State Machine (FSM) shown in the \"bad\" code snippet below assigns the output (\"out\") based on the value of state, which is determined based on the user provided input (\"user_input\").", "Example_Code": [{"@Nature": "Bad", "@Language": "Verilog", "xhtml:div": {"xhtml:br": [null, null, null, null, null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": [null, null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": [null, null], "xhtml:div": [{"@style": "margin-left:1em;", "#text": "state = 3'h0;"}, {"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null, null], "#text": "3'h0:\n\t\t\t\t\t\t  3'h1:\n\t\t\t\t\t\t  3'h2:\n\t\t\t\t\t\t  3'h3: state = 2'h3;\n\t\t\t\t\t\t  3'h4: state = 2'h2;\n\t\t\t\t\t\t  3'h5: state = 2'h1;"}], "#text": "if (!rst_n)\n\t\t\t\t\t\t\n\t\t\t\t\t\telse\n\t\t\t\t\t\tcase (user_input)\n\t\t\t\t\t\t\n\t\t\t\t\t\tendcase"}, "#text": "begin\n\t\t\t\t\t  \n\t\t\t\t\t  \n\t\t\t\t\t  end\n\t\t\t\t\t  out <= {1'h1, state};"}, "#text": "module fsm_1(out, user_input, clk, rst_n);\n\t\t\t\t\t  input [2:0] user_input; \n\t\t\t\t\t  input clk, rst_n;\n\t\t\t\t\t  output reg [2:0] out;\n\t\t\t\t\t  reg [1:0] state;\n\t\t\t\t\t  always @ (posedge clk or negedge rst_n )\n\t\t\t\t\t  \n\t\t\t\t\t  \n\t\t\t\t\t  endmodule"}}, {"@Nature": "Good", "@Language": "Verilog", "xhtml:div": {"xhtml:br": null, "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null, null], "xhtml:b": "default: state = 2'h0;", "#text": "3'h0:\n\t\t\t\t\t  3'h1:\n\t\t\t\t\t  3'h2:\n\t\t\t\t\t  3'h3: state = 2'h3;\n\t\t\t\t\t  3'h4: state = 2'h2;\n\t\t\t\t\t  3'h5: state = 2'h1;"}, "#text": "case (user_input)\n\t\t\t\t\t  \n\t\t\t\t\t  endcase"}}], "Body_Text": {"xhtml:p": ["The case statement does not include a default to handle the scenario when the user provides inputs of 3'h6 and 3'h7.  Those inputs push the system to an undefined state and might cause a crash (denial of service) or any other unanticipated outcome.", "Adding a default statement to handle undefined inputs mitigates this issue.  This is shown in the \"Good\" code snippet below.  The default statement is in bold."]}}}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "74"}}, "References": {"Reference": {"@External_Reference_ID": "REF-1060"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi", "Submission_Organization": "Intel Corporation", "Submission_Date": "2020-02-12", "Submission_Version": "4.0", "Submission_ReleaseDate": "2020-02-24"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-08-20", "Modification_Version": "4.2", "Modification_ReleaseDate": "2020-08-20", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Common_Consequences, Description, Weakness_Ordinalities"}]}}
