CWE-1294 – Insecure Security Identifier Mechanism
Description The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However,...
CWE-1293 – Missing Source Correlation of Multiple Independent Data
Description The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source. Modes of Introduction:...
CWE-1292 – Incorrect Conversion of Security Identifiers
Description The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can...
CWE-1291 – Public Key Re-Use for Signing both Debug and Production Code
Description The same public key is used for signing both debug and production code. Modes of Introduction: - Implementation Related Weaknesses CWE-693 CWE-321...
CWE-1290 – Incorrect Decoding of Security Identifiers
Description The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can...
CWE-129 – Improper Validation of Array Index
Description The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to...
CWE-1289 – Improper Validation of Unsafe Equivalence in Input
Description The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or...
CWE-1288 – Improper Validation of Consistency within Input
Description The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or...
CWE-1287 – Improper Validation of Specified Type of Input
Description The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input...