Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List

A view in the Common Weakness Enumeration published by The MITRE Corporation.


Objective

Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.

CWE entries in this view are listed in the 2021 CWE Most Important Hardware Weaknesses List, as determined by the Hardware CWE Special Interest Group (HW CWE SIG).

Target Audience

Educators

Educators can use this view to focus curriculum on the most important hardware weaknesses.

Hardware Designers

By following this list, hardware designers and implementers are able to significantly reduce the number of weaknesses that occur in their products.

Product Customers

Customers can use the weaknesses in this view in order to formulate independent evidence of a claim by a product vendor to have eliminated / mitigated the most dangerous weaknesses.

Weaknesses

Firmware Not Updateable

The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.

Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient acc...

Improper Handling of Overlap Between Protected Memory Ranges

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.

Improper Prevention of Lock Bit Modification

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bi...

Improper Protection of Physical Side Channels

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically obse...

Improper Restriction of Software Interfaces to Hardware Features

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functional...

Internal Asset Exposed to Unsafe Debug Access Level or State

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal ...

On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the ...

Security-Sensitive Hardware Controls with Missing Lock Bit Protection

The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform ...

Sensitive Information Uncleared Before Debug/Power State Transition

The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information a...

Use of a Cryptographic Primitive with a Risky Implementation

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptog...

See Also

  1. 2021 CWE Most Important Hardware Weaknesses

    MITRE


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.