CWE-1278 (Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| operating_system | — | Not OS-Specific | Undetermined | — |
| architecture | — | Not Architecture-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2021-38394 | 2021-10-04 | An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware k… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, References, Related_Attack_Patterns |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Maintenance_Notes |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Relationships |
| 2022-06-28 | CWE Content Team | 4.8 | — | updated Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Related_Attack_Patterns |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |