Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-544 | Missing Standardized Error Handling Mechanism | The product does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. |
| CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) | The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier. |
| CWE-1293 | Missing Source Correlation of Multiple Independent Data | The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source. |
| CWE-1066 | Missing Serialization Control Element | The product contains a serializable data element that does not have an associated serialization method. |
| CWE-1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface | The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely detection of failures or attacks. |
| CWE-392 | Missing Report of Error Condition | The product encounters an error but does not provide a status code or return value to indicate that an error has occurred. |
| CWE-772 | Missing Release of Resource after Effective Lifetime | The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
| CWE-401 | Missing Release of Memory after Effective Lifetime | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
| CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. |
| CWE-773 | Missing Reference to Active File Descriptor or Handle | The product does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed. |
| CWE-771 | Missing Reference to Active Allocated Resource | The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. |
| CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions. |
| CWE-1299 | Missing Protection Mechanism for Alternate Hardware Interface | The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path. |
| CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy. |
| CWE-549 | Missing Password Field Masking | The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords. |
| CWE-1385 | Missing Origin Validation in WebSockets | The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid. |
| CWE-414 | Missing Lock Check | A product does not check to see if a lock is present before performing sensitive operations on a resource. |
| CWE-456 | Missing Initialization of a Variable | The product does not initialize critical variables, which causes the execution environment to use unexpected values. |
| CWE-909 | Missing Initialization of Resource | The product does not initialize a critical resource. |
| CWE-1326 | Missing Immutable Root of Trust in Hardware | A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code. |