CWE-1209 – Failure to Disable Reserved Bits
Description The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not...
CWE-1204 – Generation of Weak Initialization Vector (IV)
Description The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or...
CWE-120 – Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
Description The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size...
CWE-12 – ASP.NET Misconfiguration: Missing Custom Error Page
Description An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. The mode...
CWE-1193 – Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
Description The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled. Modes of Introduction: Related Weaknesses...
CWE-1192 – System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers
Description The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. Modes of Introduction: - Architecture and Design Related...
CWE-1191 – On-Chip Debug and Test Interface With Improper Access Control
Description The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test...
CWE-1190 – DMA Device Enabled Too Early in Boot Phase
Description The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data...
CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer
Description The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the...
CWE-1189 – Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Description The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. Modes of Introduction: - Architecture and Design Related...