The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.
abstraction Base
status Incomplete
Security-critical logic is not set to a known value on reset.
abstraction Base
status Incomplete
The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.
abstraction Base
status Stable
The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.
abstraction Base
status Incomplete
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.
abstraction Base
status Stable
The SameSite attribute for sensitive cookies is not set, or an insecure value is used.
abstraction Variant
status Incomplete
Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.
abstraction Base
status Incomplete
The product does not provide its
users with the ability to update or patch its
firmware to address any vulnerabilities or
weaknesses that may be present.
abstraction Base
status Draft
Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.
abstraction Base
status Incomplete
Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.
abstraction Base
status Incomplete
A product's hardware-based access control check occurs after the asset has been accessed.
abstraction Base
status Incomplete
Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.
abstraction Base
status Incomplete
Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.
abstraction Base
status Incomplete
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.
abstraction Base
status Incomplete
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
abstraction Base
status Incomplete
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
abstraction Base
status Incomplete
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
abstraction Base
status Incomplete
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
abstraction Base
status Incomplete
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
abstraction Base
status Incomplete
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
abstraction Base
status Incomplete
The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset.
abstraction Base
status Incomplete
The same public key is used for signing both debug and production code.
abstraction Base
status Draft
The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.
abstraction Base
status Draft
The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.
abstraction Base
status Draft
The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.
abstraction Class
status Incomplete
The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
abstraction Base
status Incomplete
The product's debug components contain incorrect chaining or granularity of debug components.
abstraction Base
status Incomplete
The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.
abstraction Base
status Incomplete
A race condition in the hardware logic results in undermining security guarantees of the system.
abstraction Base
status Draft
The lack of protections on alternate paths to access
control-protected assets (such as unprotected shadow registers
and other external facing unguarded interfaces) allows an
attacker to bypass existing protections to the asset that are
only performed against the primary path.
abstraction Base
status Draft
The device does not contain sufficient protection
mechanisms to prevent physical side channels from exposing
sensitive information due to patterns in physically observable
phenomena such as variations in power consumption,
electromagnetic emissions (EME), or acoustic emissions.
abstraction Base
status Stable
The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.
abstraction Base
status Incomplete
The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.
abstraction Base
status Incomplete
Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.
abstraction Base
status Draft
The product performs a power save/restore
operation, but it does not ensure that the integrity of
the configuration state is maintained and/or verified between
the beginning and ending of the operation.
abstraction Base
status Draft
Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.
abstraction Base
status Draft
The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.
abstraction Base
status Draft
The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.
abstraction Base
status Draft
During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.
abstraction Base
status Draft
The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.
abstraction Base
status Draft
The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.
abstraction Base
status Incomplete
The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.
abstraction Base
status Draft
The product uses a fabric bridge for transactions between two Intellectual Property (IP) blocks, but the bridge does not properly perform the expected privilege, identity, or other access control checks between those IP blocks.
abstraction Base
status Draft
On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.
abstraction Base
status Incomplete
The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.
abstraction Base
status Incomplete
Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.
abstraction Base
status Draft
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
abstraction Variant
status Incomplete
The product uses a non-blocking model that relies on a single threaded process
for features such as scalability, but it contains code that can block when it is invoked.
abstraction Base
status Incomplete
Trace data collected from several sources on the
System-on-Chip (SoC) is stored in unprotected locations or
transported to untrusted agents.
abstraction Base
status Draft
This entry has been deprecated because it was at a lower level of abstraction than supported by CWE. All relevant content has been integrated into CWE-319.
abstraction Base
status Deprecated
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.
abstraction Base
status Incomplete
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
abstraction Base
status Draft
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
abstraction Base
status Incomplete
Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.
abstraction Base
status Draft
The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.
abstraction Base
status Incomplete
Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.
abstraction Variant
status Draft
The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels.
abstraction Base
status Stable
The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.
abstraction Base
status Stable
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
abstraction Base
status Draft
An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.
abstraction Base
status Draft
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.
abstraction Base
status Draft
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
abstraction Base
status Incomplete
A hardware device is missing or has inadequate protection features to prevent overheating.
abstraction Base
status Draft
The product processes a real number with an implementation in which the number's representation does not preserve required accuracy and precision in its fractional part, causing an incorrect result.
abstraction Base
status Draft
The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.
abstraction Base
status Incomplete
The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.
abstraction Base
status Incomplete
A hardware device, or the firmware running on it, is
missing or has incorrect protection features to maintain
goals of security primitives when the device is cooled below
standard operating temperatures.
abstraction Base
status Incomplete
The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability, updateability, and maintainability.
abstraction Class
status Incomplete
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
abstraction Class
status Incomplete
The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
abstraction Variant
status Incomplete
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.
abstraction Base
status Incomplete
The product parses numeric input assuming base 10 (decimal) values, but it does not account for inputs that use a different base number (radix).
abstraction Base
status Incomplete
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
abstraction Class
status Incomplete
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
abstraction Class
status Incomplete
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
abstraction Base
status Incomplete
The product uses default passwords for potentially critical functionality.
abstraction Base
status Incomplete
The product uses a default cryptographic key for potentially critical functionality.
abstraction Base
status Incomplete
The product has a dependency on a third-party component that contains one or more known vulnerabilities.
abstraction Class
status Incomplete
The product attempts to initialize a resource but does not correctly do so, which might leave the resource in an unexpected, incorrect, or insecure state when it is accessed.
abstraction Class
status Incomplete
A processor event or prediction may allow incorrect operations (or correct operations with incorrect data) to execute transiently, potentially exposing data over a covert channel.
abstraction Base
status Incomplete