CWE 4.14 is available

giterlizzi
2024-03-01 - min read

# CWE # Weakness

MITRE has released version 4.14 of the Common Weakness Enumeration (CWE) with a new weakness for "Hardware Micro Architectures", a view for "ISA/IEC 62443 Requirements", and new demonstrative examples from "HACK@DAC".

Changes in 4.14

• New Waknesses:
  • CWE-1420: Exposure of Sensitive Information during Transient Execution
  • CWE-1421: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
  • CWE-1422: Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
  • CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
• New View:
  • CWE-1424: Weaknesses Addressed by ISA/IEC 62443 Requirements – This view (slice) covers weaknesses that are addressed by following requirements in the ISA/IEC 62443 series of standards for industrial automation and control systems (IACS). Members of the CWE ICS/OT SIG analyzed a set of CWEs and mapped them to specific requirements covered by ISA/IEC 62443
• New and updated examples

CWE in SecDB

Go to the Weaknesses page to view the details of all CWEs published by MITRE and to view dashboards on the trend of vulnerabilities (CVEs) associated with a particular CWE.

All new CWEs introduced in this release are now available in SecDB.

See also

• https://cwe.mitre.org/news/archives/news2024.html#february29_CWE_Version_4.14_Now_Available - CWE Version 4.14 Now Available @ MITRE
• https://cwe.mitre.org/data/reports/diff_reports/v4.13_v4.14.html - Differences between Version 4.13 and Version 4.14 @ MITRE