CWE-1304 – Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Description The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between...
CWE-1303 – Non-Transparent Sharing of Microarchitectural Resources
Description Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts. Modes of Introduction: - Architecture...
CWE-1302 – Missing Security Identifier
Description The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction...
CWE-1301 – Insufficient or Incomplete Data Removal within Hardware Component
Description The product's data removal process does not completely delete all data and potentially sensitive information within hardware components. Modes of Introduction: - Implementation ...
CWE-1300 – Improper Protection of Physical Side Channels
Description The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena...
CWE-130 – Improper Handling of Length Parameter Inconsistency
Description The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the...
CWE-13 – ASP.NET Misconfiguration: Password in Configuration File
Description Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy...
CWE-1299 – Missing Protection Mechanism for Alternate Hardware Interface
Description The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an...
CWE-1298 – Hardware Logic Contains Race Conditions
Description A race condition in the hardware logic results in undermining security guarantees of the system. Modes of Introduction: - Architecture and Design ...
CWE-1297 – Unprotected Confidential Information on Device is Accessible by OSAT Vendors
Description The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors. Modes of...
