---
type: "mapping-set"
title: "CWE weaknesses → #8 Physical Attack"
description: "90 CWE weaknesses entries mapped to TLCTC #8 Physical Attack."
resource: "tlctc:mapping:cwe:cluster-8"
tags:
  - "mapping"
  - "cwe"
  - "cluster-8"
---
# CWE weaknesses → #8 Physical Attack

> Source: MITRE CWE → TLCTC mapping (`mappings/mitre-cwe/`). AI-generated, human-reviewed; experimental.

Mapped entries: **90**. Cluster: [#8 Physical Attack](/clusters/cluster-8.md).

| CWE | Name | TLCTC | Verdict | Rationale |
|---|---|---|---|---|
| CWE-385 | Covert Timing Channel | #8 | Allowed | Covert timing channel — emanations from execution timing leak data to an observer. Decision tree Q7 (physical-layer / side-channel weakness) -> #8. |
| CWE-514 | Covert Channel | #8 | Allowed-with-Review | Covert channel — communication path used outside its intended purpose to leak data. Often physical / side-channel in nature, though pure-software covert channels exist (these stay in #2\|#3 at instance level). Decision tree Q7 -> #8. |
| CWE-515 | Covert Storage Channel | #8 | Allowed | Covert storage channel — data leaked via shared storage that the attacker can observe (cache, registers, side memory). Decision tree Q7 -> #8. |
| CWE-549 | Missing Password Field Masking | #8 | Allowed | Missing password-field masking — password visible on screen enables shoulder surfing, screen-recording malware, and remote-desktop snooping. Physical/local observation -> #8. |
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | #8 | Allowed | Hardware-level implementation flaw (SoC) often reachable via physical/side-channel or low-level exploit. |
| CWE-1190 | DMA Device Enabled Too Early in Boot Phase | #8 | Allowed | Hardware/SoC design flaw — DMA controller activated before access-control configuration completes, allowing unrestricted memory read during boot. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control | #8 | Allowed | JTAG/Debug interfaces are typically physical access vectors. |
| CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | #8 | Allowed | Hardware/SoC design flaw — incorrect identifier for an IP block in the SoC interconnect — security policy applied to the wrong block. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1193 | Power-On of Untrusted Execution Core Before Enabling Fabric Access Control | #8 | Allowed | Hardware/SoC design flaw — untrusted execution core powered on before fabric access control engaged, allowing initial code execution to bypass restrictions. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1209 | Failure to Disable Reserved Bits | #8 | Allowed | Hardware/SoC design flaw — reserved (debug/test) bits not disabled in production silicon. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1221 | Incorrect Register Defaults or Module Parameters | #8 | Allowed | Hardware/SoC design flaw — register defaults / module parameters set to insecure values at reset. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1222 | Insufficient Granularity of Address Regions Protected by Register Locks | #8 | Allowed | Hardware/SoC design flaw — address-region protection too coarse — an unintended adjacent region is covered or excluded. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1223 | Race Condition for Write-Once Attributes | #8 | Allowed | Hardware/SoC design flaw — race condition for write-once attributes — two writers compete for the one allowed write. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1224 | Improper Restriction of Write-Once Bit Fields | #8 | Allowed | Hardware/SoC design flaw — write-once bit fields can actually be modified after first write. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1231 | Improper Prevention of Lock Bit Modification | #8 | Allowed | Hardware/SoC design flaw — lock-bit modification not properly prevented after asserted, defeating immutability guarantees. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1232 | Improper Lock Behavior After Power State Transition | #8 | Allowed | Hardware/SoC design flaw — lock state not preserved across power-state transitions, resetting protection at sleep/wake. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | #8 | Allowed | Hardware/SoC design flaw — security-sensitive controls have no lock bit, leaving them mutable indefinitely. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | #8 | Allowed | Hardware debug-interface flaw — internal debug modes can override lock-bit protections. Debug paths typically require physical or local access. Decision tree Q7 -> #8. |
| CWE-1239 | Improper Zeroization of Hardware Register | #8 | Allowed | Hardware data-remanence flaw — hardware register not zeroized between contexts, leaking previous state. Physical access can recover residual data. Decision tree Q7 -> #8. |
| CWE-1242 | Inclusion of Undocumented Features or Chicken Bits | #8 | Allowed | Hardware/SoC design flaw — undocumented features / chicken bits left enabled in shipped silicon — supply-chain-style backdoor. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1243 | Sensitive Non-Volatile Information Not Protected During Debug | #8 | Allowed | Hardware debug-interface flaw — sensitive non-volatile data not protected during debug-mode access. Debug paths typically require physical or local access. Decision tree Q7 -> #8. |
| CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | #8 | Allowed | Hardware debug-interface flaw — internal asset reachable from debug interface despite policy. Debug paths typically require physical or local access. Decision tree Q7 -> #8. |
| CWE-1245 | Improper Finite State Machines (FSMs) in Hardware Logic | #8 | Allowed | Hardware/SoC design flaw — finite state machine has unintended/missing transitions reachable through input glitches. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | #8 | Allowed | Hardware/SoC design flaw — limited-write non-volatile memory worn out by attacker writes — reliability/DoS. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | #8 | Allowed | Hardware fault-injection vulnerability — missing protection against voltage / clock glitching — fault injection induces instruction skipping or signal misinterpretation. Physical perturbation of the chip drives unintended state. Decision tree Q7 -> #8. |
| CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | #8 | Allowed | Hardware/SoC design flaw — semiconductor defects exploitable via physical access (probing, fault injection). Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1251 | Mirrored Regions with Different Values | #8 | Allowed | Hardware protection/access-control flaw — mirrored memory regions hold different values, creating policy-vs-content discrepancy. Decision tree Q7 -> #8. |
| CWE-1253 | Incorrect Selection of Fuse Values | #8 | Allowed | Hardware/SoC design flaw — incorrect fuse value selected at manufacturing, leaving security feature disabled. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1254 | Incorrect Comparison Logic Granularity | #8 | Allowed | Hardware/SoC design flaw — comparison logic granularity too coarse / too fine for the security identifiers being compared. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | #8 | Allowed | Hardware side-channel — comparison logic leaks via power side-channel (differential power analysis). Information leaks via physical/microarchitectural observation. Decision tree Q7 -> #8. |
| CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | #8 | Allowed | Hardware protection/access-control flaw — mirrored / aliased memory not covered by the same access-control policy as the primary range. Decision tree Q7 -> #8. |
| CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | #8 | Allowed | Hardware debug-interface flaw — sensitive system info exposed because debug state was not cleared on entering production mode. Debug paths typically require physical or local access. Decision tree Q7 -> #8. |
| CWE-1259 | Improper Restriction of Security Token Assignment | #8 | Allowed | Hardware/SoC design flaw — security-token assignment policy in the SoC permits unintended principals to claim sensitive tokens. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | #8 | Allowed | Hardware protection/access-control flaw — overlap between protected memory ranges produces ambiguity in which policy applies. Decision tree Q7 -> #8. |
| CWE-1261 | Improper Handling of Single Event Upsets | #8 | Allowed | Hardware fault-injection vulnerability — single-event upsets (cosmic rays, EM glitches) flip security-relevant bits. Physical perturbation of the chip drives unintended state. Decision tree Q7 -> #8. |
| CWE-1262 | Improper Access Control for Register Interface | #8 | Allowed | Hardware protection/access-control flaw — register interface lacks access control — any caller can read/write security-sensitive registers. Decision tree Q7 -> #8. |
| CWE-1263 | Improper Physical Access Control | #8 | Allowed | Direct physical-access-control flaw — physical security boundary (lock, enclosure, port cover) missing or insufficient. Decision tree Q7 (physical-layer weakness) -> #8. |
| CWE-1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels | #8 | Allowed | Hardware/SoC design flaw — hardware logic with insecure de-synchronization between clock domains — Meltdown-class transient-execution behavior. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | #8 | Allowed | Hardware data-remanence flaw — decommissioned device retains sensitive data because scrubbing is incomplete or skipped. Physical access can recover residual data. Decision tree Q7 -> #8. |
| CWE-1267 | Policy Uses Obsolete Encoding | #8 | Allowed | Hardware/SoC design flaw — security policy uses obsolete encoding that can no longer encode current actor identifiers, falling back to permissive defaults. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | #8 | Allowed | Hardware/SoC design flaw — SoC policy privileges assigned inconsistently between IP blocks, creating asymmetric protection. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1270 | Generation of Incorrect Security Tokens | #8 | Allowed | Hardware/SoC design flaw — incorrect security tokens generated by hardware logic, miscategorizing principals. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1271 | Uninitialized Value on Reset for Registers Holding Security Settings | #8 | Allowed | Hardware/SoC design flaw — registers holding security settings not initialized to known value on reset. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition | #8 | Allowed | Hardware/SoC design flaw — sensitive information not cleared before transitioning to debug/power state where new principals can observe. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code | #8 | Allowed | Hardware protection/access-control flaw — volatile memory holding boot code lacks access control — Secure Boot bypass. Decision tree Q7 -> #8. |
| CWE-1276 | Hardware Child Block Incorrectly Connected to Parent System | #8 | Allowed | Hardware/SoC design flaw — hardware child block incorrectly connected to parent, routing data outside intended path. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | #8 | Allowed | Hardware protection/access-control flaw — missing anti-tamper / anti-reverse-engineering protections on shipped silicon. Decision tree Q7 -> #8. |
| CWE-1279 | Cryptographic Operations are run Before Supporting Units are Ready | #8 | Allowed | Hardware/SoC design flaw — cryptographic operations executed before supporting hardware (entropy source, key registers) is fully initialized. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1280 | Access Control Check Implemented After Asset is Accessed | #8 | Allowed | Hardware/SoC design flaw — access-control check implemented after the asset is already accessed — TOCTOU at the hardware layer. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1281 | Sequence of Processor Instructions Leads to Unexpected Behavior | #8 | Allowed | Hardware/SoC design flaw — specific instruction sequences cause unexpected microarchitectural behavior (Spectre/Meltdown gadget classes). Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | #8 | Allowed | Hardware/SoC design flaw — data assumed immutable is stored in writable memory — Secure Boot / attestation bypass. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1283 | Mutable Attestation or Measurement Reporting Data | #8 | Allowed | Hardware/SoC design flaw — attestation/measurement reporting data is mutable — Secure Boot / TPM-style attestation defeated. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1290 | Incorrect Decoding of Security Identifiers | #8 | Allowed | Hardware/SoC design flaw — incorrect decoding of security identifiers — wrong principal authenticated. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1292 | Incorrect Conversion of Security Identifiers | #8 | Allowed | Hardware/SoC design flaw — incorrect conversion between security-identifier representations — privilege confusion. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1294 | Insecure Security Identifier Mechanism | #8 | Allowed | Hardware/SoC design flaw — insecure security-identifier mechanism (predictable, low-entropy, mutable). Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1296 | Incorrect Chaining or Granularity of Debug Components | #8 | Allowed | Hardware debug-interface flaw — incorrect chaining or granularity of debug components — wider debug visibility than intended. Debug paths typically require physical or local access. Decision tree Q7 -> #8. |
| CWE-1298 | Hardware Logic Contains Race Conditions | #8 | Allowed | Hardware/SoC design flaw — hardware logic contains race conditions exploitable via timing. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1299 | Missing Protection Mechanism for Alternate Hardware Interface | #8 | Allowed | Hardware protection/access-control flaw — missing protection mechanism for an alternate hardware path that bypasses the primary protection. Decision tree Q7 -> #8. |
| CWE-1300 | Improper Protection of Physical Side Channels | #8 | Allowed | Hardware side-channel — missing/insufficient protection against physical side channels (power, EM, acoustic). Information leaks via physical/microarchitectural observation. Decision tree Q7 -> #8. |
| CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component | #8 | Allowed | Hardware data-remanence flaw — insufficient/incomplete data removal within hardware (cache lines, register files retain residue). Physical access can recover residual data. Decision tree Q7 -> #8. |
| CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) | #8 | Allowed | Hardware/SoC design flaw — missing source identifier in fabric transactions — receiver cannot tell who issued the command. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | #8 | Allowed | Hardware side-channel — non-transparent sharing of microarchitectural resources (Meltdown/Spectre/MDS class). Information leaks via physical/microarchitectural observation. Decision tree Q7 -> #8. |
| CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | #8 | Allowed | Hardware/SoC design flaw — hardware configuration integrity not preserved across state transitions (reset, sleep). Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1305 | Improper Logic in Memory Address Decoding | #8 | Allowed | Hardware logic flaw exploitable via physical effects (e.g., Rowhammer). Decision tree Q7 (physical-layer weakness) → #8. |
| CWE-1311 | Improper Translation of Security Attributes by Fabric Bridge | #8 | Allowed | Hardware/SoC design flaw — security attributes mistranslated by fabric bridge between protocol domains. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | #8 | Allowed | Hardware protection/access-control flaw — mirrored regions in on-chip memory lack protection that primary region has. Decision tree Q7 -> #8. |
| CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | #8 | Allowed | Hardware debug-interface flaw — hardware permits activation of test/debug logic in production silicon. Debug paths typically require physical or local access. Decision tree Q7 -> #8. |
| CWE-1314 | Missing Write Protection for Parametric Data Values | #8 | Allowed | Hardware protection/access-control flaw — parametric data values (clock dividers, voltage settings) lack write protection — manipulable to cause faults. Decision tree Q7 -> #8. |
| CWE-1315 | Improper Setting of Bus Controlling Capability in Fabric End-point | #8 | Allowed | Hardware/SoC design flaw — bus-controlling capability assigned incorrectly in fabric end-node configuration. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | #8 | Allowed | Hardware protection/access-control flaw — fabric-address map permits programming of unwarranted/overlapping ranges. Decision tree Q7 -> #8. |
| CWE-1317 | Improper Access Control in Fabric Bridge | #8 | Allowed | Hardware protection/access-control flaw — fabric bridge lacks proper access control between protocol domains. Decision tree Q7 -> #8. |
| CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses | #8 | Allowed | Hardware/SoC design flaw — on-chip fabric lacks support for security features needed by upstream blocks. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | #8 | Allowed | Hardware fault-injection vulnerability — missing protection against electromagnetic fault injection. Physical perturbation of the chip drives unintended state. Decision tree Q7 -> #8. |
| CWE-1320 | Improper Protection for Outbound Error Messages and Alert Signals | #8 | Allowed | Hardware protection/access-control flaw — outbound error messages and altered branch behavior insufficiently protected — leak via observation. Decision tree Q7 -> #8. |
| CWE-1323 | Improper Management of Sensitive Trace Data | #8 | Allowed | Hardware debug-interface flaw — sensitive trace data managed insecurely — exposed via debug interfaces. Debug paths typically require physical or local access. Decision tree Q7 -> #8. |
| CWE-1326 | Missing Immutable Root of Trust in Hardware | #8 | Allowed | Hardware/SoC design flaw — missing immutable root of trust in hardware — boot integrity cannot be anchored. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1330 | Remanent Data Readable after Memory Erase | #8 | Allowed | Hardware data-remanence flaw — remanent data readable after memory erase (cell-level retention beyond explicit clear). Physical access can recover residual data. Decision tree Q7 -> #8. |
| CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | #8 | Allowed | Hardware/SoC design flaw — shared resources in network-on-chip not properly isolated between IP blocks. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | #8 | Allowed | Hardware fault-injection vulnerability — faults that lead to instruction skipping not properly handled — fault injection bypasses checks. Physical perturbation of the chip drives unintended state. Decision tree Q7 -> #8. |
| CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | #8 | Allowed | Hardware fault-injection vulnerability — unauthorized error injection can degrade hardware function — controlled stress-induced misbehavior. Physical perturbation of the chip drives unintended state. Decision tree Q7 -> #8. |
| CWE-1338 | Improper Protections Against Hardware Overheating | #8 | Allowed | Hardware overheating-protection flaw — controlled thermal stress causes physical damage or operational degradation. Decision tree Q7 -> #8. |
| CWE-1342 | Information Exposure through Microarchitectural State after Transient Execution | #8 | Allowed | Hardware side-channel — information leak through microarchitectural state remaining after transient (speculative) execution — Spectre/Meltdown family. Information leaks via physical/microarchitectural observation. Decision tree Q7 -> #8. |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | #8 | Allowed | Hardware misbehaves under exceptional physical/environmental conditions (extreme temperature, voltage, EMI) — fault-injection vector. Decision tree Q7 -> #8. |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | #8 | Allowed | Improper handling of physical/environmental conditions creates exploitable state under controlled physical input. Decision tree Q7 -> #8. |
| CWE-1420 | Exposure of Sensitive Information during Transient Execution | #8 | Allowed | Microarchitectural side-channel — sensitive information exposed during transient (speculative) execution via cache-state, branch predictor, or other shared microarchitectural structures. Spectre-class. Decision tree Q7 -> #8. |
| CWE-1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution | #8 | Allowed | Hardware side-channel — information leak through shared microarchitectural structures during transient execution. Information leaks via physical/microarchitectural observation. Decision tree Q7 -> #8. |
| CWE-1422 | Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution | #8 | Allowed | Hardware side-channel — information leak caused by incorrect data forwarding during transient execution. Information leaks via physical/microarchitectural observation. Decision tree Q7 -> #8. |
| CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | #8 | Allowed | Hardware side-channel — information leak caused by shared microarchitectural predictor state influencing transient execution. Information leaks via physical/microarchitectural observation. Decision tree Q7 -> #8. |
| CWE-1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface | #8 | Allowed | Hardware/SoC design flaw — missing security-relevant feedback for unexecuted operations — caller cannot tell whether the operation actually completed. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |
| CWE-1431 | Driving Intermediate Cryptographic State/Results to Hardware Module Outputs | #8 | Allowed | Hardware/SoC design flaw — intermediate cryptographic state/results driven onto observable buses — side-channel leak of in-progress crypto. Decision tree Q7 (physical-layer / hardware weakness) -> #8. |