Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.

| ID | Name | Description |
|---|---|---|
| CWE-1053 | Missing Documentation for Design | This weakness occurs when software lacks clear design documentation, making it difficult to understand how the system is structured and intended to work. |
| CWE-1059 | Insufficient Technical Documentation | This weakness occurs when a software or hardware product lacks comprehensive technical documentation. Missing or incomplete details about the system's architecture, interfaces, design, configuration, or operation make it difficult to understand, maintain, and secure the product effectively. |
| CWE-1263 | Improper Physical Access Control | This vulnerability occurs when a device or system has areas meant to be physically secure, but the safeguards in place are too weak to stop someone with direct physical access from reaching restricted components or data. |
| CWE-1277 | Firmware Not Updateable | This vulnerability occurs when a hardware product lacks a mechanism for users to install firmware updates, leaving known security flaws permanently unpatched. |
| CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component | The product's data removal process fails to completely erase all data from hardware components, potentially leaving sensitive information behind. |
| CWE-1329 | Reliance on Component That is Not Updateable | This vulnerability occurs when a product depends on a component that cannot be updated or patched to fix security flaws or critical bugs. |
| CWE-1357 | Reliance on Insufficiently Trustworthy Component | This weakness occurs when a system integrates a component that cannot be fully trusted to meet security, reliability, and maintenance standards, creating risk for the entire product. |
| CWE-1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface | This vulnerability occurs when a hardware interface discards operations without providing any security-relevant feedback, such as error notifications or logs. This silence prevents the timely detection of critical failures or active attacks, leaving systems vulnerable to undetected compromise. |
| CWE-440 | Expected Behavior Violation | This weakness occurs when a software component, such as a function, API, or feature, fails to act as documented or intended. The system's actual behavior deviates from its promised specification, leading to unpredictable results. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |