Corgea LogoCorgea Security Hub

CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic

Learn about CWE-1245 (Improper Finite State Machines (FSMs) in Hardware Logic), its security impact, exploitation methods, and prevention guidelines.

What is Improper Finite State Machines (FSMs) in Hardware Logic?

• Overview: Faulty finite state machines (FSMs) in hardware logic can lead to undefined states, allowing attackers to disrupt system operations or gain unauthorized access.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by triggering transitions to undefined or unintended states.
  • Common attack patterns include manipulating input signals or sequences to drive the FSM into an unstable or incorrect state.

• Security Impact:

  • Direct consequences include denial of service (DoS) as the system may become unresponsive.
  • Potential cascading effects include unauthorized access or privilege escalation if the FSM controls security-critical operations.
  • Business impact can be severe, resulting in downtime, data breaches, or compromised system integrity.

• Prevention Guidelines:

  • Ensure all states and transitions are explicitly defined and handled in FSM designs.
  • Implement rigorous testing and validation of FSMs to cover edge cases and undefined states.
  • Use formal verification tools and techniques to ensure FSM correctness and robustness.
  • Follow best practices for secure hardware design, such as adhering to established design patterns and standards.
Corgea can automatically detect and fix Improper Finite State Machines (FSMs) in Hardware Logic in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: System on Chip

Vulnerable Code Example

// A simple FSM implementation that handles user authentication states
class UserFSM {
  constructor() {
    this.state = "loggedOut"; // Initial state
  }

  // Transition method to change states
  transition(action) {
    switch (this.state) {
      case "loggedOut":
        if (action === "login") {
          this.state = "loggedIn"; // Move to loggedIn state
        }
        break;
      case "loggedIn":
        if (action === "logout") {
          this.state = "loggedOut"; // Move back to loggedOut state
        }
        break;
      // Vulnerability: No default case to handle undefined states
      // This can lead to the FSM entering an undefined state, causing unexpected behavior
    }
  }
}

// Usage example
const userFSM = new UserFSM();
userFSM.transition("login"); // State changes to loggedIn
userFSM.transition("undefinedAction"); // FSM enters an undefined state

How to fix Improper Finite State Machines (FSMs) in Hardware Logic?

An FSM should handle all possible states and transitions explicitly to prevent the system from entering an undefined state. In the vulnerable example above, there is no handling for unexpected actions, which can lead the FSM to an undefined state. This can be exploited to cause a denial of service or unexpected behavior in a system.

To fix this issue, you should:

  1. Implement a default case in the transition method to handle unexpected actions.
  2. Validate actions before changing states.
  3. Log errors or handle conditions when an undefined state or action is detected.

Fixed Code Example

// Improved FSM implementation with proper state handling
class UserFSM {
  constructor() {
    this.state = "loggedOut"; // Initial state
  }

  // Transition method with enhanced state handling
  transition(action) {
    switch (this.state) {
      case "loggedOut":
        if (action === "login") {
          this.state = "loggedIn"; // Move to loggedIn state
        } else {
          console.error("Invalid action for state loggedOut."); // Log error for invalid actions
        }
        break;
      case "loggedIn":
        if (action === "logout") {
          this.state = "loggedOut"; // Move back to loggedOut state
        } else {
          console.error("Invalid action for state loggedIn."); // Log error for invalid actions
        }
        break;
      default:
        console.error("Undefined state detected!"); // Handle undefined states
        // Reset FSM to a safe state or take corrective action
        this.state = "loggedOut"; // Example corrective action
    }
  }

  // Additional method to validate actions before transition
  isValidAction(action) {
    const validActions = ["login", "logout"];
    return validActions.includes(action);
  }
}

// Usage example with checks
const userFSM = new UserFSM();
if (userFSM.isValidAction("login")) {
  userFSM.transition("login"); // State changes to loggedIn
} else {
  console.error("Invalid action"); // Log invalid action
}

if (userFSM.isValidAction("undefinedAction")) {
  userFSM.transition("undefinedAction");
} else {
  console.error("Invalid action"); // Log invalid action
}

In the fixed code, we've added a default case to handle unexpected states and actions, along with logging for debugging. Additionally, a method (isValidAction) is provided to validate actions before attempting state transitions, ensuring the FSM remains in a defined state. We've also demonstrated resetting the FSM to a safe state if an undefined state is detected.

Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic and get remediation guidance

Start for free and no credit card needed.