CWE-1059: Insufficient Technical Documentation
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc.
常见后果
影响范围: Other
技术影响: Varies by Context Hide Activities Reduce Reliability Quality Degradation Reduce Maintainability
说明: Without a method of verification, one cannot be sure that everything only functions as expected.
潜在缓解措施
阶段: Documentation Architecture and Design
描述: Ensure that design documentation is detailed enough to allow for post-manufacturing verification.
观察示例
参考: CVE-2022-3203
A wireless access point manual specifies that the only method of configuration is via web interface (CWE-1059), but there is an undisclosed telnet server that was activated by default (CWE-912).
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Documentation | - |
适用平台
编程语言
操作系统
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| ISA/IEC 62443 | Part 2-4 | Req SP.02.03 BR | - |
| ISA/IEC 62443 | Part 2-4 | Req SP.02.03 RE(1) | - |
| ISA/IEC 62443 | Part 2-4 | Req SP.03.03 RE(1) | - |
| ISA/IEC 62443 | Part 4-1 | Req SG-1 | - |
| ISA/IEC 62443 | Part 4-1 | Req SG-2 | - |
| ISA/IEC 62443 | Part 4-1 | Req SG-3 | - |
| ISA/IEC 62443 | Part 4-1 | Req SG-4 | - |
| ISA/IEC 62443 | Part 4-1 | Req SG-5 | - |
| ISA/IEC 62443 | Part 4-1 | Req SG-6 | - |
| ISA/IEC 62443 | Part 4-1 | Req SG-7 | - |