Insufficient or Incomplete Data Removal within Hardware Component
The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.
Physical properties of hardware devices, such as remanence of magnetic medial, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed.
Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells.
Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.
This view (slice) covers all the elements in CWE.
CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...
This view (slice) lists weaknesses that can be introduced during implementation.