Category: ICS Engineering (Construction/Deployment): Gaps in Details/Data
Incomplete
Summary
Weaknesses in this category are related to the "Gaps in Details/Data" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "Highly complex systems are often operated by personnel who have years of experience in managing that particular facility or plant. Much of their knowledge is passed along through verbal or hands-on training but may not be fully documented in written practices and procedures." Note: members of this category include "Nearest IT Neighbor" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1053 | Missing Documentation for Design | This weakness occurs when software lacks clear design documentation, making it difficult to understand how the system is structured and intended to work. |
| CWE-1059 | Insufficient Technical Documentation | This weakness occurs when a software or hardware product lacks comprehensive technical documentation. Missing or incomplete details about the system's architecture, interfaces, design, configuration, or operation make it difficult to understand, maintain, and secure the product effectively. |
| CWE-1110 | Incomplete Design Documentation | This vulnerability occurs when a system's design documentation is missing critical details about how the software actually works. Key omissions include unclear control flow, undefined data movement, missing system startup procedures, vague component relationships, or unexplained design decisions. |
| CWE-1111 | Incomplete I/O Documentation | This weakness occurs when a product's documentation fails to clearly and completely define its inputs, outputs, or how it interacts with other systems or software components. |
| CWE-710 | Improper Adherence to Coding Standards | This weakness occurs when developers don't consistently follow established coding standards and best practices, which can introduce security flaws or make existing vulnerabilities more severe. |
| CWE-1358 | Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS | CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure Executive Task Force (SEI ETF) in March 2022. Weaknesses and categories in this view are focused on issues that affect ICS (Industrial Control Systems) but have not been traditionally covered by CWE in the past due to its earlier emphasis on enterprise IT software. Note: weaknesses in this view are based on "Nearest IT Neighbor" recommendations and other suggestions by the CWE team. These relationships are likely to change in future CWE versions. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.