Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.

| ID | Name | Description |
|---|---|---|
| CWE-1053 | Missing Documentation for Design | The product does not have documentation that represents how it is designed. |
| CWE-1059 | Insufficient Technical Documentation | The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc. |
| CWE-1263 | Improper Physical Access Control | The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas. |
| CWE-1277 | Firmware Not Updateable | The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present. |
| CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component | The product's data removal process does not completely delete all data and potentially sensitive information within hardware components. |
| CWE-1329 | Reliance on Component That is Not Updateable | The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs. |
| CWE-1357 | Reliance on Insufficiently Trustworthy Component | The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability, updateability, and maintainability. |
| CWE-1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface | The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely detection of failures or attacks. |
| CWE-440 | Expected Behavior Violation | A feature, API, or function does not perform according to its specification. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |