Cross-Cutting Problems

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.


Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

Firmware Not Updateable

A product's firmware cannot be updated or patched, leaving weaknesses present with no means of repair and the product vulnerable to attack.

Improper Physical Access Control

The product is to be designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor's ability to access the...

Improper Protection Against Physical Side Channels

The product is missing protections or implements insufficient protections against information leakage through physical channels such as power consumption, electromagne...

Insufficient or Incomplete Data Removal within Hardware Component

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

Missing Documentation for Design

The product does not have documentation that represents how it is designed.

Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as sca...


Hardware Design

This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.