The system should enable memory protection mechanisms such as ASLR and DEP.
CWE-693: Protection Mechanism Failure. The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-1233: Improper Hardware Lock Protection for Security Sensitive Controls. The product implements a register lock bit protection feature that permits security sensitive controls to modify the protected configuration.
OWASP Top 10 A6:2017-Security Misconfiguration. Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched/upgraded in a timely fashion.
OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements. (C.3) Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable.
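One way to check this requirement on a Linux-based device image, as an added example that is not part of the original page. It assumes ELF binaries and the Linux `randomize_va_space` sysctl; the function names and the sample images are constructed for illustration.

```python
import struct

ET_DYN = 3                 # position-independent image (PIE or shared object)
PT_GNU_STACK = 0x6474E551  # program header that carries the stack permissions
PF_X = 0x1                 # "executable" permission bit
ASLR_MODES = {0: "disabled", 1: "partial", 2: "full"}

def aslr_mode(sysctl_text: str) -> str:
    """Interpret the content of /proc/sys/kernel/randomize_va_space."""
    return ASLR_MODES.get(int(sysctl_text.strip()), "unknown")

def elf_protections(data: bytes) -> dict:
    """Report PIE (lets ASLR relocate the image) and a non-executable stack (DEP/NX)."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    fmt = "HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"
    hdr = struct.unpack_from(end + fmt, data, 16)
    e_type, phoff, phentsize, phnum = hdr[0], hdr[4], hdr[8], hdr[9]
    flags_off = 4 if is64 else 24          # p_flags position differs by class
    nx_stack = False                       # a missing PT_GNU_STACK counts as a failure
    for i in range(phnum):
        base = phoff + i * phentsize
        if base + flags_off + 4 > len(data):
            break                          # truncated program header table
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(end + "I", data, base + flags_off)
            nx_stack = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack}

def _sample_elf64(e_type: int, stack_flags: int) -> bytes:
    """Constructed minimal ELF64 image: file header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ident + ehdr + phdr

if __name__ == "__main__":
    # Constructed inputs; on a device, read the sysctl file and the firmware binaries.
    print("ASLR:", aslr_mode("2\n"))
    print("hardened:", elf_protections(_sample_elf64(ET_DYN, 0x6)))  # PIE, RW stack
    print("legacy:  ", elf_protections(_sample_elf64(2, 0x7)))       # ET_EXEC, RWX stack
```

A binary passes when both `pie` and `nx_stack` are true and the kernel reports `full`; shared objects also report `pie` because they use the same ELF type.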