CWE-1316
AllowedFabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
Abstraction: Base · Status: Draft
The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.
2 vulnerabilities reference this CWE, most recent first.
CVE-2019-25655 (GCVE-0-2019-25655)
Vulnerability from cvelistv5 – Published: 2026-03-30 11:02 – Updated: 2026-03-30 15:59- CWE-1316 - Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46321 | exploit |
| https://www.vulncheck.com/advisories/device-monit… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| hdd | Device Monitoring Studio |
Affected:
8.10.00.8925
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25655",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T15:59:00.910329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:59:12.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Device Monitoring Studio",
"vendor": "hdd",
"versions": [
{
"status": "affected",
"version": "8.10.00.8925"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1316",
"description": "Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:02:28.294Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46321",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46321"
},
{
"name": "VulnCheck Advisory: Device Monitoring Studio 8.10.00.8925 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/device-monitoring-studio-denial-of-service"
}
],
"title": "Device Monitoring Studio 8.10.00.8925 Denial of Service",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25655",
"datePublished": "2026-03-30T11:02:28.294Z",
"dateReserved": "2026-03-30T10:57:02.702Z",
"dateUpdated": "2026-03-30T15:59:12.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-R26R-6M7M-C35R
Vulnerability from github – Published: 2026-03-30 12:32 – Updated: 2026-03-30 12:32Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
{
"affected": [],
"aliases": [
"CVE-2019-25655"
],
"database_specific": {
"cwe_ids": [
"CWE-1316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-30T12:16:18Z",
"severity": "MODERATE"
},
"details": "Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.",
"id": "GHSA-r26r-6m7m-c35r",
"modified": "2026-03-30T12:32:27Z",
"published": "2026-03-30T12:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25655"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46321"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/device-monitoring-studio-denial-of-service"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
When architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap.
Mitigation
Ranges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion.
Mitigation
Validate mitigation actions with robust testing.
CAPEC-456: Infected Memory
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections
An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.