CWE-1059 Detalhe

CWE-1059

Insufficient Technical Documentation
Incomplete
2019-01-03
00h00 +00:00
2025-09-09
00h00 +00:00
CWE Mitre.org
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Gerenciar notificações

Nome: Insufficient Technical Documentation

The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc.

Informações Gerais

Modos de Introdução

Architecture and Design
Documentation

Plataformas Aplicáveis

Linguagem

Class: Not Language-Specific (Undetermined)

Sistemas Operacionais

Class: Not OS-Specific (Undetermined)

Arquiteturas

Class: Not Architecture-Specific (Undetermined)

Tecnologias

Class: Not Technology-Specific (Undetermined)
Class: ICS/OT (Undetermined)

Consequências Comuns

Escopo Impacto Probabilidade
OtherVaries by Context, Hide Activities, Reduce Reliability, Quality Degradation, Reduce Maintainability

Note: Without a method of verification, one cannot be sure that everything only functions as expected.

Exemplos Observados

Referências Descrição

CVE-2022-3203

A wireless access point manual specifies that the only method of configuration is via web interface (CWE-1059), but there is an undisclosed telnet server that was activated by default (CWE-912).

Mitigações Potenciais

Phases : Documentation // Architecture and Design
Ensure that design documentation is detailed enough to allow for post-manufacturing verification.

Notas de Mapeamento de Vulnerabilidade

Justificativa : This entry is primarily a quality issue with no direct security implications.
Comentário : Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.

Referências

REF-1248

Categories of Security Vulnerabilities in ICS
Securing Energy Infrastructure Executive Task Force (SEI ETF).
https://secureenergy.inl.gov/content/uploads/27/2024/12/SEI-ETF-NCSV-TPT-Categories-of-Security-Vulnerabilities-ICS-v1_03-09-22.pdf

REF-1254

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff (DRAFT GUIDANCE)
FDA.
https://www.fda.gov/media/119933/download

Submissão

Nome Organização Data Data de lançamento Version
CWE Content Team MITRE 2018-07-02 +00:00 2019-01-03 +00:00 3.2

Modificações

Nome Organização Data Comentário
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-01-31 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples
CWE Content Team MITRE 2024-02-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-09-09 +00:00 updated References
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.