CWE-1271 – Uninitialized Value on Reset for Registers Holding Security Settings
Description Security-critical logic is not set to a known value on reset. Modes of Introduction: - Implementation Related Weaknesses CWE-665 Consequences Access...
CWE-1270 – Generation of Incorrect Security Tokens
Description The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the...
CWE-127 – Buffer Under-read
Description The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer....
CWE-1269 – Product Released in Non-Release Configuration
Description The product released to market is released in pre-production or manufacturing configuration. Modes of Introduction: - Implementation Related Weaknesses CWE-693 Consequences...
CWE-1268 – Policy Privileges are not Assigned Consistently Between Control and Data Agents
Description The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies. Modes of Introduction: - Architecture...
CWE-1267 – Policy Uses Obsolete Encoding
Description The product uses an obsolete encoding mechanism to implement access controls. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-284 ...
CWE-1266 – Improper Scrubbing of Sensitive Data from Decommissioned Device
Description The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A...
CWE-1265 – Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Description During execution of non-reentrant code, the software performs a call that unintentionally produces a nested invocation of the non-reentrant code. In complex software, a...
CWE-1264 – Hardware Logic with Insecure De-Synchronization between Control and Data Channels
Description The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete. Modes of Introduction: - Architecture...
CWE-1263 – Improper Physical Access Control
Description The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to...
