CWE-1233 – Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Common Weakness Enumeration（CWE）

概要

CWE-1233（Security-Sensitive Hardware Controls with Missing Lock Bit Protection）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2025-61972	2026-05-13	Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution…
CVE-2025-61971	2026-05-13	Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.
CVE-2025-25735	2025-08-26	Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with soft…
CVE-2025-25734	2025-08-26	Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute a…
CVE-2025-25733	2025-08-26	Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to…
CVE-2022-23005	2023-01-23	Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UF…

旧名称

Improper Hardware Lock Protection for Security Sensitive Controls (2021-10-28)

コンテンツ投稿

名称: Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
組織: Intel Corporation
日付: 2020-01-15
バージョン: 4.0

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2020-08-20	CWE Content Team	4.2	—	updated Related_Attack_Patterns
2021-03-15	CWE Content Team	4.4	—	updated Maintenance_Notes
2021-10-28	CWE Content Team	4.6	—	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	4.7	—	updated Related_Attack_Patterns, Relationships
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2025-04-03	CWE Content Team	4.17	—	updated Demonstrative_Examples
2025-09-09	CWE Content Team	4.18	—	updated Relationships

貢献

タイプ	名称	日付	コメント
Feedback	Narasimha Kumar V Mangipudi	2021-10-20	reviewed content changes