Dear CWE Community,

We are thrilled to announce that CWE version 4.7 is now available on our 
website – Thank you to all our content submitters and 
community members for your time and efforts to collaborate and make this 
release possible.

CWE 4.7 adds support for the recently released categories of security 
vulnerabilities in industrial control systems (ICS) as published by the 
Securing Energy Infrastructure Executive Task Force (SEI 
 in March 2022. Continued expansion into ICS and operational technology (OT) 
CWE content will be discussed in the CWE-CAPEC ICS/OT Special Interest Group 
 launching on May 28, 2022.

A detailed report listing the specific changes between Version 4.6 and 4.7 can 
be found here (diff 
report<>), but 
below I have listed some of the key highlights:

  *   One (1) new view added: Weaknesses in SEI ETF Categories of Security 
Vulnerabilities in ICS<>
  *   One (1) new software weakness added: CWE-1385: Missing Origin Validation 
in WebSockets<>
  *   One (1) new hardware weakness added: CWE-1384: Improper Handling of 
Extreme Physical Environment 
  *   One (1) new software/hardware weakness added: CWE-1357: Reliance on 
Uncontrolled Component<>
  *   One (1) software weakness updated to also include hardware: CWE-1059: 
Insufficient Technical 
  *   One (1) weakness deprecated: CWE-365: Race Condition in 
  *   Updated relationships for 144 existing 
  *   The Status attribute in the top right corner of each CWE entry page will 
no longer be displayed. It is commonly misinterpreted and causes confusion with 
respect to quality and completeness of CWE content. The Status attribute will 
continue to be included in the XML of each entry
  *   CWE schema<> updated to 
add new entries to the TechnologyNameEnumeration to mirror existing entries, 
but with “IP” removed, in accordance with Hardware CWE 
SIG<> discussions

We are really excited about this release, and we look forward to you diving 
into the new content. On behalf of the CWE Program, thank you for your 
continued support.


Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
MITRE - Solving Problems for a Safer World™

Reply via email to