CWE-1301 – Insufficient or Incomplete Data Removal within Hardware Component
Description The product's data removal process does not completely delete all data and potentially sensitive information within hardware components. Modes of Introduction: - Implementation ...
CWE-1300 – Improper Protection of Physical Side Channels
Description The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena...
CWE-130 – Improper Handling of Length Parameter Inconsistency
Description The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the...
CWE-13 – ASP.NET Misconfiguration: Password in Configuration File
Description Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy...
CWE-1299 – Missing Protection Mechanism for Alternate Hardware Interface
Description The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an...
CWE-1298 – Hardware Logic Contains Race Conditions
Description A race condition in the hardware logic results in undermining security guarantees of the system. Modes of Introduction: - Architecture and Design ...
CWE-1297 – Unprotected Confidential Information on Device is Accessible by OSAT Vendors
Description The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors. Modes of...
CWE-1296 – Incorrect Chaining or Granularity of Debug Components
Description The product's debug components contain incorrect chaining or granularity of debug components. Modes of Introduction: - Implementation Related Weaknesses CWE-284 Consequences...
CWE-1294 – Insecure Security Identifier Mechanism
Description The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However,...