CWE-124 – Buffer Underwrite (‘Buffer Underflow’)
Description The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This...
CWE-1240 – Use of a Cryptographic Primitive with a Risky Implementation
Description To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation. Modes of...
CWE-1241 – Use of Predictable Algorithm in Random Number Generator
Description The device uses an algorithm that is predictable and generates a pseudo-random number. Modes of Introduction: - Architecture and Design Related Weaknesses...
CWE-1242 – Inclusion of Undocumented Features or Chicken Bits
Description The device includes chicken bits or undocumented features that can create entry points for unauthorized actors. Modes of Introduction: - Architecture and Design ...
CWE-1243 – Sensitive Non-Volatile Information Not Protected During Debug
Description Access to security-sensitive information stored in fuses is not limited during debug. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-1263...
CWE-1244 – Internal Asset Exposed to Unsafe Debug Access Level or State
Description The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an...
CWE-1245 – Improper Finite State Machines (FSMs) in Hardware Logic
Description Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial...
CWE-1246 – Improper Write Handling in Limited-write Non-Volatile Memories
Description The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories. Modes of Introduction: - Architecture and Design ...
CWE-1247 – Improper Protection Against Voltage and Clock Glitches
Description The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information...
CWE-1248 – Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
Description The security-sensitive hardware module contains semiconductor defects. Modes of Introduction: - Manufacturing Related Weaknesses CWE-693 Consequences Availability, Access Control: DoS: Instability...