This CWE category highlights risks arising from inadequately defined capabilities and configurations, which can make functionality unclear and increase the attack surface and vulnerabilities.
The vulnerabilities in this area fall under the category termed "Insufficiently Documented or Not Documented Features" in the SEI ETF publication "Categories of Security Vulnerabilities in ICS," released in March 2022. The category covers the risks of capabilities and configurations that are not adequately defined, which leaves the intended functionality of the device unclear. That lack of clarity can expose the device to an increased attack surface and vulnerabilities. The recommendations under the "Nearest IT Neighbor" section of the report, along with the suggestions made by the CWE team, fall within this category. These relationships may evolve in future versions of the CWE.