CWE

Common Weakness Enumeration

969 weaknesses cataloged by MITRE
CWE describes the underlying weaknesses that lead to vulnerabilities. Every CVE on this site is tagged with its CWE classifications. The CWE Top 25 represents the most dangerous software weaknesses identified by MITRE annually.

Weaknesses

80 shown of 969
The source code uses literal constants that may need to change or evolve over time, instead of using symbolic constants.
Abstraction: Base; Status: Incomplete

The source code uses symbolic constants, but it does not sufficiently place the definitions of these constants into a more centralized or isolated location.
Abstraction: Base; Status: Incomplete

The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context.
Abstraction: Base; Status: Incomplete

The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than one instance of data.
Abstraction: Base; Status: Incomplete

The product's design documentation does not adequately describe control flow, data flow, system initialization, relationships between tasks, components, rationales, or other important aspects of the design.
Abstraction: Base; Status: Incomplete

The product's documentation does not adequately define inputs, outputs, or system/software interfaces.
Abstraction: Base; Status: Incomplete

The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed.
Abstraction: Base; Status: Incomplete

The source code uses comment styles or formats that are inconsistent or do not follow expected standards for the product.
Abstraction: Base; Status: Incomplete

The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product.
Abstraction: Base; Status: Incomplete

The source code contains elements such as source files that do not consistently provide a prologue or header that has been standardized for the project.
Abstraction: Base; Status: Incomplete

The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated.
Abstraction: Base; Status: Incomplete

The code contains a function or method whose signature and/or associated inline documentation does not sufficiently describe the callable's inputs, outputs, side effects, assumptions, or return codes.
Abstraction: Base; Status: Incomplete

The documentation does not sufficiently describe the techniques that are used for error handling, exception processing, or similar mechanisms.
Abstraction: Base; Status: Incomplete

The code uses too many unconditional branches (such as "goto").
Abstraction: Base; Status: Incomplete

The code is too complex, as calculated using a well-defined, quantitative measure.
Abstraction: Class; Status: Incomplete

The code contains McCabe cyclomatic complexity that exceeds a desirable maximum.
Abstraction: Base; Status: Incomplete

The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum.
Abstraction: Base; Status: Incomplete

The product uses too much self-modifying code.
Abstraction: Base; Status: Incomplete

The code contains a callable or other code grouping in which the nesting / branching is too deep.
Abstraction: Base; Status: Incomplete

The product has an attack surface whose quantitative measurement exceeds a desirable maximum.
Abstraction: Base; Status: Incomplete

The source code declares a variable in one scope, but the variable is only used within a narrower scope.
Abstraction: Base; Status: Incomplete

The code is compiled without sufficient warnings enabled, which may prevent the detection of subtle bugs or quality issues.
Abstraction: Base; Status: Incomplete

CWE-1164: The product contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact to functionality or correctness.
Abstraction: Class; Status: Incomplete

The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.
Abstraction: Base; Status: Draft

The ASP.NET application does not use, or incorrectly uses, the model validation framework.
Abstraction: Variant; Status: Draft

The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further.
Abstraction: Class; Status: Incomplete

The product uses a function, library, or third party component that has been explicitly prohibited, whether by the developer or the customer.
Abstraction: Class; Status: Incomplete

This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.
Abstraction: Base; Status: Deprecated

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Abstraction: Base; Status: Incomplete

The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.
Abstraction: Base; Status: Stable

The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.
Abstraction: Base; Status: Draft

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
Abstraction: Base; Status: Stable

The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.
Abstraction: Base; Status: Draft

The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.
Abstraction: Base; Status: Draft

The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.
Abstraction: Base; Status: Incomplete

The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design. However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state.
Abstraction: Base; Status: Incomplete

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Abstraction: Base; Status: Incomplete

Hardware description language code incorrectly defines register defaults or hardware Intellectual Property (IP) parameters to insecure values.
Abstraction: Base; Status: Incomplete

The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.
Abstraction: Variant; Status: Incomplete

A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.
Abstraction: Base; Status: Incomplete

The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.
Abstraction: Base; Status: Incomplete

The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended policy.
Abstraction: Class; Status: Incomplete

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.
Abstraction: Base; Status: Incomplete

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.
Abstraction: Base; Status: Stable

Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.
Abstraction: Base; Status: Incomplete

The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.
Abstraction: Base; Status: Stable

System configuration protection may be bypassed during debug mode.
Abstraction: Base; Status: Incomplete

The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations.
Abstraction: Base; Status: Incomplete

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Abstraction: Base; Status: Incomplete

The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes.
Abstraction: Variant; Status: Draft

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.
Abstraction: Base; Status: Draft

The device uses an algorithm that is predictable and generates a pseudo-random number.
Abstraction: Base; Status: Draft

The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Abstraction: Base; Status: Incomplete

Access to security-sensitive information stored in fuses is not limited during debug.
Abstraction: Base; Status: Incomplete

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.
Abstraction: Base; Status: Stable

Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.
Abstraction: Base; Status: Incomplete

The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.
Abstraction: Base; Status: Incomplete

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.
Abstraction: Base; Status: Stable

The security-sensitive hardware module contains semiconductor defects.
Abstraction: Base; Status: Incomplete

The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.
Abstraction: Base; Status: Incomplete

The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other.
Abstraction: Base; Status: Incomplete

The product's architecture mirrors regions without ensuring that their contents always stay in sync.
Abstraction: Base; Status: Incomplete

The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.
Abstraction: Base; Status: Incomplete

The logic level used to set a system to a secure state relies on a fuse being unblown.
Abstraction: Base; Status: Draft

The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.
Abstraction: Base; Status: Draft

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.
Abstraction: Variant; Status: Draft

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.
Abstraction: Base; Status: Stable

Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.
Abstraction: Base; Status: Incomplete

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.
Abstraction: Base; Status: Draft

The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.
Abstraction: Base; Status: Incomplete

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
Abstraction: Base; Status: Stable

The hardware logic does not effectively handle when single-event upsets (SEUs) occur.
Abstraction: Base; Status: Draft

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.
Abstraction: Base; Status: Stable

The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.
Abstraction: Class; Status: Incomplete

The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.
Abstraction: Base; Status: Incomplete

The product invokes code that is believed to be reentrant, but the code performs a call that unintentionally produces a nested invocation of the non-reentrant code.
Abstraction: Base; Status: Draft

The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect.
Abstraction: Base; Status: Incomplete

The product uses an obsolete encoding mechanism to implement access controls.
Abstraction: Base; Status: Draft

The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.
Abstraction: Base; Status: Draft

The product released to market is released in pre-production or manufacturing configuration.
Abstraction: Base; Status: Incomplete
Showing 801-880 of 969
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin