Category: Manufacturing and Life Cycle Management Concerns

Draft
Summary

Weaknesses in this category are root-caused to defects that arise in the semiconductor-manufacturing process or during the life cycle and supply chain.

Membership
ID | Name | Description
CWE-1059 | Insufficient Technical Documentation | This weakness occurs when a software or hardware product lacks comprehensive technical documentation. Missing or incomplete details about the system's architecture, interfaces, design, configuration, or operation make it difficult to understand, maintain, and secure the product effectively.
CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | A security-critical hardware component contains physical flaws in its semiconductor material, which can cause it to malfunction and undermine its security features.
CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | This vulnerability occurs when a system lacks a reliable method for administrators to permanently erase sensitive information before taking hardware or software out of service. The data scrubbing feature might be missing, ineffective, or flawed, leaving confidential data behind.
CWE-1269 | Product Released in Non-Release Configuration | This vulnerability occurs when a product ships to customers while still configured with its pre-production or manufacturing settings, which typically include powerful debugging and testing features not intended for real-world use.
CWE-1273 | Device Unlock Credential Sharing | This vulnerability occurs when the secret keys or passwords required to unlock a device's hidden features are shared between multiple organizations, creating a chain of trust where sensitive access can be leaked.
CWE-1297 | Unprotected Confidential Information on Device is Accessible by OSAT Vendors | This vulnerability occurs when a semiconductor chip does not properly secure sensitive data, making it accessible to third-party Outsourced Semiconductor Assembly and Test (OSAT) vendors during the manufacturing process.
CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping.
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.