CWE-1277: Firmware Not Updateable

Description

The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.

Submission Date :

May 13, 2020, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

Wells Fargo

Extended Description

Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future. This can expose consumers to permanent risk throughout the entire lifetime of the device, which could be years or decades. Some external protective measures and mitigations might be employed to aid in preventing or reducing the risk of malicious attack, but the root weakness cannot be corrected.

Example Vulnerable Codes

Example - 1

A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.

The refrigerator has no means of patching and is hacked becoming a spewer of email spam.

The device automatically patches itself and provides considerable more protection against being hacked.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-1329: Reliance on Component That is Not Updateable

Go to

Visit http://cwe.mitre.org/ for more details.