CWE-1245 – Improper Finite State Machines (FSMs) in Hardware Logic
Description: Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial...
CWE-1244 – Internal Asset Exposed to Unsafe Debug Access Level or State
Description: The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an...
CWE-1243 – Sensitive Non-Volatile Information Not Protected During Debug
Description: Access to security-sensitive information stored in fuses is not limited during debug. Modes of Introduction: Architecture and Design. Related Weaknesses: CWE-1263...
CWE-1242 – Inclusion of Undocumented Features or Chicken Bits
Description: The device includes chicken bits or undocumented features that can create entry points for unauthorized actors. Modes of Introduction: Architecture and Design ...
CWE-1241 – Use of Predictable Algorithm in Random Number Generator
Description: The device uses an algorithm that is predictable and generates a pseudo-random number. Modes of Introduction: Architecture and Design. Related Weaknesses...
CWE-1240 – Use of a Cryptographic Primitive with a Risky Implementation
Description: To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation. Modes of...
CWE-124 – Buffer Underwrite (‘Buffer Underflow’)
Description: The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This...
CWE-1239 – Improper Zeroization of Hardware Register
Description: The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes. Hardware logic operates on...
CWE-1236 – Improper Neutralization of Formula Elements in a CSV File
Description: The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be...
CWE-1235 – Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
Description: The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations. Modes of Introduction: Implementation. Related Weaknesses: CWE-400. Consequences...
