Write a known pattern into each sensitive location. Enter the power/debug state in question. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the device needs to be fixed. Note that this test can likely be automated.
CWE-1272 Base Stable
Sensitive Information Uncleared Before Debug/Power State Transition
This vulnerability occurs when a device changes its power mode or enters a debug state but fails to wipe sensitive data that should become inaccessible after the transition.
Definition
What is CWE-1272?
This vulnerability occurs when a device changes its power mode or enters a debug state but fails to wipe sensitive data that should become inaccessible after the transition.
Devices cycle through various operational states—like active power, low-power, sleep, hibernate, or debug modes—as part of normal function. Each state has different security boundaries controlling what data is accessible. A security flaw arises when the system moves from a more permissive state (where sensitive data is present) to a more restricted one, but neglects to purge that data first. This leaves confidential information, such as encryption keys or user data, lingering in memory or registers where it shouldn't be reachable.
For developers, this means sensitive data can leak across state boundaries if not explicitly cleared before a transition. Think of it as forgetting to shred confidential documents before locking them in a safe—the safe is secure, but the contents inside still pose a risk. To prevent this, you must implement explicit cleanup routines that wipe all sensitive information from temporary storage, caches, and buffers immediately before any power-state or debug-state change is finalized.
Real-world impact
Real-world CVEs caused by CWE-1272
-
Product software does not set a flag as per TPM specifications, thereby preventing a failed authorization attempt from being recorded after a loss of power.
How attackers exploit it
Step-by-step attacker path
- 1
This example shows how an attacker can take advantage of an incorrect state transition.
- 2
Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible.
- 3
After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys.
Vulnerable code example
Vulnerable Other
Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible.
During the transition from A to B, the device does not scrub the memory. Secure code example
Secure Other
After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys.
For transition from state A to state B, remove information which should not be available once the transition is complete. What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Prevention checklist
How to prevent CWE-1272
- Architecture and Design / Implementation During state transitions, information not needed in the next state should be removed before the transition to the next state.
Detection signals
How to detect CWE-1272
Plexicus auto-detects CWE-1272 and opens a fix PR in under 60 seconds.
Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.
Frequently asked questions What is CWE-1272?
How serious is CWE-1272?
What languages or platforms are affected by CWE-1272?
How can I prevent CWE-1272?
How does Plexicus detect and fix CWE-1272?
Where can I learn more about CWE-1272?
Frequently asked questions
What is CWE-1272?
This vulnerability occurs when a device changes its power mode or enters a debug state but fails to wipe sensitive data that should become inaccessible after the transition.
How serious is CWE-1272?
MITRE has not published a likelihood-of-exploit rating for this weakness. Treat it as medium-impact until your threat model proves otherwise.
What languages or platforms are affected by CWE-1272?
MITRE lists the following affected platforms: VHDL, Verilog, Hardware Description Language, Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.
How can I prevent CWE-1272?
During state transitions, information not needed in the next state should be removed before the transition to the next state.
How does Plexicus detect and fix CWE-1272?
Plexicus's SAST engine matches the data-flow signature for CWE-1272 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.
Where can I learn more about CWE-1272?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/1272.html. You can also reference OWASP and NIST documentation for adjacent guidance.
Related weaknesses
Weaknesses related to CWE-1272
CWE-226 Parent
Sensitive Information in Resource Not Removed Before Reuse
This vulnerability occurs when a system releases a resource like memory or a file for reuse but fails to erase the sensitive data it…
CWE-1239 Sibling
Improper Zeroization of Hardware Register
This vulnerability occurs when a hardware component fails to properly erase sensitive data from its internal registers before a new user…
CWE-1301 Sibling
Insufficient or Incomplete Data Removal within Hardware Component
The product's data removal process fails to completely erase all data from hardware components, potentially leaving sensitive information…
CWE-1342 Sibling
Information Exposure through Microarchitectural State after Transient Execution
This vulnerability occurs when a CPU fails to completely erase temporary data traces left behind by speculative execution or error…
CWE-244 Sibling
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Using realloc() to resize buffers containing secrets like passwords or keys can leave that sensitive data exposed in memory, as the…
CWE-200 Can precede
Exposure of Sensitive Information to an Unauthorized Actor
This weakness occurs when an application unintentionally reveals sensitive data to someone who shouldn't have access to it.
Ready when you are
Don't Let Security
Weigh You Down.
Stop choosing between AI velocity and security debt. Plexicus is the only platform that runs Vibe Coding Security and ASPM in parallel — one workflow, every codebase.