Category: Manufacturing and Life Cycle Management Concerns
Draft
Summary
Weaknesses in this category are root-caused to defects that arise in the semiconductor-manufacturing process or during the life cycle and supply chain.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1059 | Insufficient Technical Documentation | The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc. |
| CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | The security-sensitive hardware module contains semiconductor defects. |
| CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect. |
| CWE-1269 | Product Released in Non-Release Configuration | The product released to market is released in pre-production or manufacturing configuration. |
| CWE-1273 | Device Unlock Credential Sharing | The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information. |
| CWE-1297 | Unprotected Confidential Information on Device is Accessible by OSAT Vendors | The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.