Refine your search
7 vulnerabilities found for Standard by IEEE
CVE-2017-13095 (GCVE-0-2017-13095)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Standard",
"vendor": "IEEE",
"versions": [
{
"status": "affected",
"version": "P1735"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of a license-deny response to a license grant",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13095",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of a license-deny response to a license grant"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Standard",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "P1735",
"version_value": "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13095",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2017-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:58:12.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13093 (GCVE-0-2017-13093)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Standard",
"vendor": "IEEE",
"versions": [
{
"status": "affected",
"version": "P1735"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of encrypted IP cyphertext to insert hardware trojans",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13093",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of encrypted IP cyphertext to insert hardware trojans"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Standard",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "P1735",
"version_value": "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13093",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2017-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:58:12.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13092 (GCVE-0-2017-13092)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Standard",
"vendor": "IEEE",
"versions": [
{
"status": "affected",
"version": "P1735"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13092",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Standard",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "P1735",
"version_value": "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13092",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2017-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:58:12.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13096 (GCVE-0-2017-13096)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Standard",
"vendor": "IEEE",
"versions": [
{
"status": "affected",
"version": "P1735"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13096",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Standard",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "P1735",
"version_value": "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13096",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2017-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:58:12.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13094 (GCVE-0-2017-13094)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Standard",
"vendor": "IEEE",
"versions": [
{
"status": "affected",
"version": "P1735"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of the encryption key and insertion of hardware trojans in any IP",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13094",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of the encryption key and insertion of hardware trojans in any IP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Standard",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "P1735",
"version_value": "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13094",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2017-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:58:12.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13097 (GCVE-0-2017-13097)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Standard",
"vendor": "IEEE",
"versions": [
{
"status": "affected",
"version": "P1735"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13097",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Standard",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "P1735",
"version_value": "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13097",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2017-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:58:12.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13091 (GCVE-0-2017-13091)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Standard",
"vendor": "IEEE",
"versions": [
{
"status": "affected",
"version": "P1735"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "101699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/739007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13091",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Standard",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "P1735",
"version_value": "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13091",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2017-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:58:12.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}