CWE-1059 Detail

CWE-1059

Insufficient Technical Documentation
Incomplete
2019-01-03
00h00 +00:00
2025-09-09
00h00 +00:00
CWE Mitre.org
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Meldingen beheren

Naam: Insufficient Technical Documentation

The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc.

Algemene informatie

Introductiemodi

Architecture and Design
Documentation

Toepasselijke platforms

Taal

Class: Not Language-Specific (Undetermined)

Besturingssystemen

Class: Not OS-Specific (Undetermined)

Architecturen

Class: Not Architecture-Specific (Undetermined)

Technologieën

Class: Not Technology-Specific (Undetermined)
Class: ICS/OT (Undetermined)

Veelvoorkomende gevolgen

Bereik Impact Waarschijnlijkheid
OtherVaries by Context, Hide Activities, Reduce Reliability, Quality Degradation, Reduce Maintainability

Note: Without a method of verification, one cannot be sure that everything only functions as expected.

Waargenomen voorbeelden

Referenties Beschrijving

CVE-2022-3203

A wireless access point manual specifies that the only method of configuration is via web interface (CWE-1059), but there is an undisclosed telnet server that was activated by default (CWE-912).

Mogelijke risicobeperkingen

Phases : Documentation // Architecture and Design
Ensure that design documentation is detailed enough to allow for post-manufacturing verification.

Notities kwetsbaarheidsmapping

Rechtvaardiging : This entry is primarily a quality issue with no direct security implications.
Opmerking : Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.

Referenties

REF-1248

Categories of Security Vulnerabilities in ICS
Securing Energy Infrastructure Executive Task Force (SEI ETF).
https://secureenergy.inl.gov/content/uploads/27/2024/12/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf

REF-1254

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff (DRAFT GUIDANCE)
FDA.
https://www.fda.gov/media/119933/download

Indiening

Naam Organisatie Datum Releasedatum Version
CWE Content Team MITRE 2018-07-02 +00:00 2019-01-03 +00:00 3.2

Wijzigingen

Naam Organisatie Datum Opmerking
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-01-31 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples
CWE Content Team MITRE 2024-02-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-09-09 +00:00 updated References
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.