CWE-1277 Detail

The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.

Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future. This can expose consumers to permanent risk throughout the entire lifetime of the device, which could be years or decades. Some external protective measures and mitigations might be employed to aid in preventing or reducing the risk of malicious attack, but the root weakness cannot be corrected.

Modes Of Introduction

Requirements : Requirements development might not consider the importance of updates over the lifetime of the product, or might not choose the ability due to concerns such as expense or speed to market.
Architecture and Design : Lack of planning during architecture development and design, or external pressures such as speed to market, could ignore the capability to update.
Implementation : The weakness can appear through oversight during implementation.

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Observed Examples

Potential Mitigations

Phases : Requirements
Specify requirements to include the ability to update the firmware. Include integrity checks and authentication to ensure that untrusted firmware cannot be installed.
Phases : Architecture and Design
Design the device to allow for updating the firmware. Ensure that the design specifies how to distribute the updates and ensure their integrity and authentication.
Phases : Implementation
Implement the necessary functionality to allow the firmware to be updated.

Detection Methods

Manual Analysis

Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generates an "invalid image" error message or equivalent.
Effectiveness : High

Architecture or Design Review

Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware.
Effectiveness : Moderate

Manual Dynamic Analysis

Determine if there is a lack of a capability to update read-only memory (ROM) structure. This could manifest as a difference between the latest firmware version and the current version within the device.
Effectiveness : High

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

NotesNotes

The "firmware" term does not have a single commonly-shared definition, so there may be variations in how this CWE entry is interpreted during mapping.

References

REF-1095

Bad news: KeyWe Smart Lock is easily bypassed and can't be fixed
Matthew Hughes.
https://www.theregister.com/2019/12/11/f_secure_keywe/

REF-1096

Alarm bells ring, the IoT is listening
Alex Scroxton.
https://www.computerweekly.com/news/252475324/Alarm-bells-ring-the-IoT-is-listening

REF-1097

Zyxel Flaw Powers New Mirai IoT Botnet Strain
Brian Krebs.
https://krebsonsecurity.com/2020/03/zxyel-flaw-powers-new-mirai-iot-botnet-strain/

Submission

Modifications