CWE-1310
Missing Ability to Patch ROM Code
BaseDraft
Description
Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-682
CVEs mapped to this weakness (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1000344 | — | Hig | 0.41 | 7.4 | 0.02 | Jun 4, 2018 | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. |
- risk 0.41cvss 7.4epss 0.02
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.