CWE-1239 – Improper Zeroization of Hardware Register
Description The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes. Hardware logic operates on...
CWE-1236 – Improper Neutralization of Formula Elements in a CSV File
Description The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be...
CWE-1235 – Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
Description The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations. Modes of Introduction: - Implementation Related Weaknesses CWE-400 Consequences...
CWE-1234 – Hardware Internal or Debug Modes Allow Override of Locks
Description System configuration protection may be bypassed during debug mode. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-667 Consequences Access...
CWE-1233 – Security-Sensitive Hardware Controls with Missing Lock Bit Protection
Description The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or...
CWE-1232 – Improper Lock Behavior After Power State Transition
Description Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable...
CWE-1231 – Improper Prevention of Lock Bit Modification
Description The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the...
CWE-1230 – Exposure of Sensitive Information Through Metadata
Description The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from...
CWE-123 – Write-what-where Condition
Description Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer...
CWE-1229 – Creation of Emergent Resource
Description The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation...