CWE-1247 - Improper Protection Against Voltage and Clock Glitches
- Abstraction: Base
- Structure: Simple
- Status: Stable
- Release Date: 2020-02-24
- Latest Modification Date: 2023-10-26
Weakness Name
Improper Protection Against Voltage and Clock Glitches
Description
The device either lacks circuitry or sensors to detect and mitigate voltage and clock glitches, or contains incorrectly implemented ones, and so fails to protect sensitive information or software contained on the device.
A device might support features such as secure boot which are supplemented with hardware and firmware support. This involves establishing a chain of trust, starting with an immutable root of trust by checking the signature of the next stage (culminating with the OS and runtime software) against a golden value before transferring control. The intermediate stages typically set up the system in a secure state by configuring several access control settings. Similarly, security logic for exercising a debug or testing interface may be implemented in hardware, firmware, or both. A device needs to guard against fault attacks such as voltage glitches and clock glitches that an attacker may employ in an attempt to compromise the system.
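The signature check against a golden value described above, as an added example that is not part of the CWE entry: a firmware-level complement to hardware glitch sensors, contrasting a single-branch comparison with a fault-hardened form (redundant passes, fail-closed default, complementary status constants, step counter). All function and constant names are hypothetical, and the digest bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names; not taken from any real boot ROM. */
#define DIGEST_LEN  32
#define VERIFY_OK   0x3CA5965Au /* bitwise complement of VERIFY_FAIL, so no */
#define VERIFY_FAIL 0xC35A69A5u /* small number of bit flips maps FAIL to OK */

/* Weak form: the decision rests on one 0/1 value and one branch, so a single
   skipped or corrupted instruction can accept a bad image. */
int verify_naive(const uint8_t *calc, const uint8_t *golden) {
    return memcmp(calc, golden, DIGEST_LEN) == 0;
}

/* OR together all byte differences; volatile keeps the compiler from
   merging the two redundant passes made by the caller. */
static uint32_t diff_bits(const volatile uint8_t *a, const volatile uint8_t *b) {
    uint32_t acc = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++) acc |= (uint32_t)(a[i] ^ b[i]);
    return acc;
}

uint32_t verify_hardened(const uint8_t *calc, const uint8_t *golden) {
    volatile uint32_t result = VERIFY_FAIL;          /* fail-closed default */
    volatile uint32_t steps = 0;                     /* control-flow counter */
    volatile uint32_t d1 = diff_bits(calc, golden);
    steps++;
    volatile uint32_t d2 = diff_bits(golden, calc);  /* redundant second pass */
    steps++;
    if (d1 == 0) {
        steps++;
        if (d2 == 0 && (d1 | d2) == 0) {             /* re-check both results */
            steps++;
            result = VERIFY_OK;
        }
    }
    if (d1 != d2) return VERIFY_FAIL;                /* passes disagree: fault */
    if (result == VERIFY_OK && steps != 4) return VERIFY_FAIL; /* step skipped */
    return result;
}

/* Constructed sample: golden digest is bytes 0..31; tamper flips one bit. */
uint32_t demo_check(int tamper) {
    uint8_t golden[DIGEST_LEN], calc[DIGEST_LEN];
    for (size_t i = 0; i < DIGEST_LEN; i++) golden[i] = calc[i] = (uint8_t)i;
    if (tamper) calc[17] ^= 0x01;
    return verify_hardened(calc, golden);
}

int main(void) { return (demo_check(0) == VERIFY_OK && demo_check(1) == VERIFY_FAIL) ? 0 : 1; }
```

The caller should transfer control only when the return value equals `VERIFY_OK` exactly and treat every other value as a failure.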
Common Consequences
Scope: Confidentiality, Integrity, Availability, Access Control
Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands
Related Weaknesses
CWE-1384 Improper Handling of Physical or Environmental Conditions