MITRE and CISA release a list of Common Hardware Weaknesses of 2021

 


The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.

The list includes the most frequent and critical errors that can lead to serious hardware vulnerabilities, which malicious actors can exploit to take over the affected system, obtain sensitive data, or cause a denial-of-service condition.

“The goals for the 2021 Hardware List are to drive awareness of common hardware weaknesses through CWE, and to prevent hardware security issues at the source by educating designers and programmers on how to eliminate important mistakes early in the product development lifecycle. Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. Hardware consumers could use the list to help them to ask for more secure hardware products from their suppliers. Finally, managers and CIOs can use the list as a measuring stick of progress in their efforts to secure their hardware and ascertain where to direct resources to develop security tools or automation processes that mitigate a wide class of vulnerabilities by eliminating the underlying root cause,” the announcement reads.

The 2021 Hardware List includes the 12 vulnerability entries that received the highest scores during the review:

  • CWE-1189-Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

  • CWE-1191-On-Chip Debug and Test Interface With Improper Access Control

  • CWE-1231-Improper Prevention of Lock Bit Modification

  • CWE-1233-Security-Sensitive Hardware Controls with Missing Lock Bit Protection

  • CWE-1240-Use of a Cryptographic Primitive with a Risky Implementation

  • CWE-1244-Internal Asset Exposed to Unsafe Debug Access Level or State

  • CWE-1256-Improper Restriction of Software Interfaces to Hardware Features

  • CWE-1260-Improper Handling of Overlap Between Protected Memory Ranges

  • CWE-1272-Sensitive Information Uncleared Before Debug/Power State Transition

  • CWE-1274-Improper Access Control for Volatile Memory Containing Boot Code

  • CWE-1277-Firmware Not Updatable

  • CWE-1300-Improper Protection of Physical Side Channels

MITRE said that future versions of the CWE Most Important Hardware Weaknesses would cover different weaknesses, aiming to provide “the most useful list possible” for the community.

