| CWE-1242 |
The chip includes chicken bits or undocumented features that can create entry points for unauthorized actors. |
| CWE-1243 |
The product exposes security-sensitive values stored in fuses during debug. |
| CWE-1244 |
The product's physical debug and test interface protection does not block untrusted agents, resulting in unauthorized access to and potentially control of sensitive assets. |
| CWE-1245 |
Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system. |
| CWE-1246 |
The product does not implement or incorrectly handles the implementation of write operations in limited-write non-volatile memories. |
| CWE-1247 |
The product does not contain the necessary additional circuitry or sensors to detect and mitigate voltage and clock glitches. |
| CWE-1248 |
The security-sensitive hardware module contains semiconductor defects. |
| CWE-1249 |
The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state. |
| CWE-125 |
The software reads data past the end, or before the beginning, of the intended buffer. |
| CWE-1250 |
The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other. |
