CWE-1357 – Reliance on Uncontrolled Component
Description: The product's design or architecture is built from multiple separate components, but one or more components are not under complete control of the developer,...
CWE-138 – Improper Neutralization of Special Elements
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control...
CWE-1384 – Improper Handling of Extreme Physical Environment Conditions
Description: The product does not properly detect and handle extreme conditions in the product's physical environment, such as temperature, radiation, humidity, power, or other physical...
CWE-1304 – Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Description: The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between...
CWE-131 – Incorrect Calculation of Buffer Size
Description: The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. Modes of...
CWE-1310 – Missing Ability to Patch ROM Code
Description: Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state. Modes of Introduction: - Architecture and...
CWE-1311 – Improper Translation of Security Attributes by Fabric Bridge
Description: The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another....
CWE-1312 – Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
Description: The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions. Modes...
CWE-1313 – Hardware Allows Activation of Test or Debug Logic at Runtime
Description: During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This...
CWE-1314 – Missing Write Protection for Parametric Data Values
Description: The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result...