Base · Incomplete

CWE-1301: Insufficient or Incomplete Data Removal within Hardware Component

Category: other

Description

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

Common consequences · 1

  • Confidentiality — Read Memory, Read Application Data

Potential mitigations · 2

  • [Architecture and Design] Apply blinding or masking techniques to implementations of cryptographic algorithms.
  • [Implementation] Alter the method of erasure, add protection of media, or destroy the media to protect the data.

Related CAPEC attack patterns · 1

CAPEC-37

References

  1. https://cwe.mitre.org/data/definitions/1301.html

Exploits (incoming) · 1

Type           Target                                      Confidence   Tier
AttackPattern  Retrieve Embedded Sensitive Data capec-37   100%         live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Scrubbing of Sensitive Data from Decommissioned Device
  • CWE: Storage of Sensitive Data in a Mechanism without Access Control
  • CWE: Improper Removal of Sensitive Information Before Storage or Transfer
  • CWE: Cleartext Storage of Sensitive Information in Memory
  • CWE: Missing Encryption of Sensitive Data
  • CWE: Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.