CWE-1326 – Missing Immutable Root of Trust in Hardware | Common Weakness Enumeration（CWE）

概要

CWE-1326（Missing Immutable Root of Trust in Hardware）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	Security Hardware	—	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2025-34503	2025-10-24	Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code tha…
CVE-2025-34502	2025-10-24	Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can mo…
CVE-2025-5834	2025-06-25	Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations…
CVE-2025-31929	2025-05-13	A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cab…
CVE-2025-2762	2025-04-23	CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCP…
CVE-2024-8357	2024-11-22	Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installa…
CVE-2024-30111	2024-06-28	HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauth…
CVE-2024-32742	2024-05-14	A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misus…
CVE-2022-38773	2023-01-10	Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical acce…

コンテンツ投稿

名称: Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna
組織: Intel Corporation
日付: 2020-04-25
バージョン: 4.3

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2021-10-28	CWE Content Team	4.6	—	updated Demonstrative_Examples
2022-04-28	CWE Content Team	4.7	—	updated Applicable_Platforms, Related_Attack_Patterns
2022-06-28	CWE Content Team	4.8	—	updated Applicable_Platforms, Modes_of_Introduction
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2023-10-26	CWE Content Team	4.13	—	updated Demonstrative_Examples, References
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities

貢献

タイプ	名称	日付	コメント
Content	Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi	2023-06-21	suggested demonstrative example
Content	Rahul Kande, Chen Chen, Jeyavijayan Rajendran	2023-06-21	suggested demonstrative example