CWE-1329

Reliance on Component That is Not Updateable

The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.

Mitigation

Phase: Requirements

Description:

  • Specify requirements that each component should be updateable, including ROM, firmware, etc.

Mitigation

Phase: Architecture and Design

Description:

  • Design the product to allow for updating of its components. Include the external infrastructure that might be necessary to support updates, such as distribution servers.

Mitigation

Phases: Architecture and Design, Implementation

Description:

  • With hardware, support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used for limited patching of devices after shipping, or for the next batch of silicon devices manufactured, without changing the full device ROM.
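
The fuse-based patching described above can be sketched as a ROM dispatcher that consults one-time-programmable patch slots before calling immutable ROM code. This is an added example, not part of the CWE entry: the fuse bank is simulated in memory, and every name, the slot encoding and the length-check bug are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define FUSE_SLOTS 2              /* patch capacity is fixed at manufacturing */
#define SLOT_VALID 0x80000000u
#define COUNT(a)   (sizeof(a) / sizeof((a)[0]))
typedef int (*rom_fn)(uint32_t);
/* Mask ROM, immutable in the field. Constructed bug: the buffer is 32 bytes. */
static int rom_len_ok(uint32_t len)  { return len <= 64; }
static int rom_is_even(uint32_t v)   { return (v & 1u) == 0; }
static const rom_fn rom_table[] = { rom_len_ok, rom_is_even };

/* Replacement routines in a small patch area outside the ROM. */
static int patch_len_ok(uint32_t len) { return len <= 32; }
static const rom_fn patch_table[] = { patch_len_ok };

/* Simulated one-time-programmable fuse words: bits go 0 -> 1, never back. */
static uint32_t fuses[FUSE_SLOTS];

/* Burn a redirect into the first unblown slot; -1 on bad ids or no slot left. */
int fuse_program_patch(uint32_t rom_id, uint32_t patch_id) {
    if (rom_id >= COUNT(rom_table) || patch_id >= COUNT(patch_table))
        return -1;
    for (int i = 0; i < FUSE_SLOTS; i++) {
        if (fuses[i] == 0) {
            fuses[i] |= SLOT_VALID | (rom_id << 8) | patch_id;
            return 0;
        }
    }
    return -1;
}

/* All ROM entry points are reached through this fuse-aware dispatcher. */
int rom_call(uint32_t rom_id, uint32_t arg) {
    if (rom_id >= COUNT(rom_table))
        return -1;
    for (int i = 0; i < FUSE_SLOTS; i++) {
        uint32_t f = fuses[i];
        if ((f & SLOT_VALID) && ((f >> 8) & 0xFFu) == rom_id)
            return patch_table[f & 0xFFu](arg);
    }
    return rom_table[rom_id](arg);
}

int main(void) {
    printf("48 bytes accepted before patch: %d\n", rom_call(0, 48));
    fuse_program_patch(0, 0);
    printf("48 bytes accepted after patch:  %d\n", rom_call(0, 48));
    return 0;
}
```

Once both slots are blown, `fuse_program_patch` returns -1, which is the "limited patching" constraint: the number of fixable ROM routines is decided when the fuse bank is sized.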

Mitigation

Phase: Implementation

Description:

  • Implement the necessary functionality to allow each component to be updated.

No CAPEC attack patterns related to this CWE.
