CWE-1253β€”Incorrect Selection of Fuse Values

PUBLISHEDweakness record
released 2020-02-24 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-1253
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2020-02-24
Latest Modification Date:
2025-12-11

Weakness Name

Incorrect Selection of Fuse Values

Description

The logic level used to set a system to a secure state relies on a fuse being unblown.

Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0.

Common Consequences

Scope:
Access Control, Authorization
Impact:
Bypass Protection Mechanism, Gain Privileges or Assume Identity
Notes:
If the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.
Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart
Scope:
Confidentiality
Impact:
Read Memory
Scope:
Integrity
Impact:
Modify Memory, Execute Unauthorized Code or Commands

Related Weaknesses