Detalle CWE-1059

CWE-1059

Insufficient Technical Documentation
Incomplete
2019-01-03
00h00 +00:00
2025-09-09
00h00 +00:00
CWE Mitre.org
Notificaciones para un CWE
Manténgase informado sobre cualquier cambio en un CWE específico.
Gestionar notificaciones

Nombre: Insufficient Technical Documentation

The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc.

Informaciones generales

Modos de introducción

Architecture and Design
Documentation

Plataformas aplicables

Lenguaje

Class: Not Language-Specific (Undetermined)

Sistemas operativos

Class: Not OS-Specific (Undetermined)

Arquitecturas

Class: Not Architecture-Specific (Undetermined)

Tecnologías

Class: Not Technology-Specific (Undetermined)
Class: ICS/OT (Undetermined)

Consecuencias comunes

Alcance Impacto Probabilidad
OtherVaries by Context, Hide Activities, Reduce Reliability, Quality Degradation, Reduce Maintainability

Note: Without a method of verification, one cannot be sure that everything only functions as expected.

Ejemplos observados

Referencias Descripción

CVE-2022-3203

A wireless access point manual specifies that the only method of configuration is via web interface (CWE-1059), but there is an undisclosed telnet server that was activated by default (CWE-912).

Mitigaciones potenciales

Phases : Documentation // Architecture and Design
Ensure that design documentation is detailed enough to allow for post-manufacturing verification.

Notas de mapeo de vulnerabilidades

Justificación : This entry is primarily a quality issue with no direct security implications.
Comentario : Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.

Referencias

REF-1248

Categories of Security Vulnerabilities in ICS
Securing Energy Infrastructure Executive Task Force (SEI ETF).
https://secureenergy.inl.gov/content/uploads/27/2024/12/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf

REF-1254

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff (DRAFT GUIDANCE)
FDA.
https://www.fda.gov/media/119933/download

Envío

Nombre Organización Fecha Fecha de lanzamiento Version
CWE Content Team MITRE 2018-07-02 +00:00 2019-01-03 +00:00 3.2

Modificaciones

Nombre Organización Fecha Comentario
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-01-31 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples
CWE Content Team MITRE 2024-02-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-09-09 +00:00 updated References
La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.