Firmware Not Updateable
A product's firmware cannot be updated or patched, leaving weaknesses present with no means of repair and the product vulnerable to attack.
The inability to patch the product's firmware means that any weaknesses therein cannot be mitigated through an update. This leaves the system/device open to potential exploitation of the inherent weaknesses. External protective measures and mitigations can be employed to aid in preventing malicious behavior, but the root weakness cannot be corrected.
The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.
Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.
A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device for other, potentially more nefarious purposes.
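As an added example (not part of the original entry), the following Python code shows one external protective measure for the refrigerator scenario above: auditing network flow records so that any traffic other than the device's fault reports to the manufacturer is flagged. The addresses, port, allow-list, and log format are constructed assumptions.

```python
import ipaddress

# Constructed values (assumptions, not from the CWE entry): documentation-range
# addresses stand in for the refrigerator and the manufacturer's fault endpoint.
FRIDGE = ipaddress.ip_address("192.0.2.50")
ALLOWED_EGRESS = {(ipaddress.ip_address("198.51.100.10"), 443, "tcp")}

# Constructed flow records in an assumed format: "timestamp src dst dport proto"
SAMPLE_FLOWS = """\
2024-05-01T10:00:00Z 192.0.2.50 198.51.100.10 443 tcp
2024-05-01T10:05:12Z 192.0.2.50 203.0.113.77 8080 tcp
2024-05-01T10:06:40Z 203.0.113.9 192.0.2.50 80 tcp
2024-05-01T10:07:00Z 192.0.2.20 198.51.100.10 443 tcp
not a flow record
"""

def parse_flow(line):
    """Return (ts, src, dst, dport, proto), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, proto = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower())
    except ValueError:
        return None

def audit(flow_text, device=FRIDGE, allowed=ALLOWED_EGRESS):
    """Flag flows involving the device that fall outside its stated purpose."""
    findings = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, proto = flow
        if dst == device:
            # The device only reports faults outward; nothing should connect in.
            findings.append((ts, "unexpected-inbound", str(src), dport))
        elif src == device and (dst, dport, proto) not in allowed:
            findings.append((ts, "unexpected-egress", str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Because the firmware cannot be patched, a check like this only limits and surfaces misuse of the device; the underlying weakness remains.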
Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.
This view (slice) covers all the elements in CWE.
CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...
This view (slice) lists weaknesses that can be introduced during implementation.