Lucene search

[email protected]NVD:CVE-2017-18347

HistorySep 12, 2018 - 3:29 p.m.

CVE-2017-18347

2018-09-1215:29:00

CWE-362

[email protected]

web.nvd.nist.gov

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device’s protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

Affected configurations

NVD

Node

ststm32f071rbMatch-

AND

ststm32f071rb_firmwareMatch-

Node

ststm32f071v8Match-

AND

ststm32f071v8_firmwareMatch-

Node

ststm32f071vb_firmwareMatch-

AND

ststm32f071vbMatch-

Node

ststm32f072c8_firmwareMatch-

AND

ststm32f072c8Match-

Node

ststm32f072cb_firmwareMatch-

AND

ststm32f072cbMatch-

Node

ststm32f072r8_firmwareMatch-

AND

ststm32f072r8Match-

Node

ststm32f072rb_firmwareMatch-

AND

ststm32f072rbMatch-

Node

ststm32f072v8_firmwareMatch-

AND

ststm32f072v8Match-

Node

ststm32f072vb_firmwareMatch-

AND

ststm32f072vbMatch-

Node

ststm32f078cb_firmwareMatch-

AND

ststm32f078cbMatch-

Node

ststm32f078rb_firmwareMatch-

AND

ststm32f078rbMatch-

Node

ststm32f078vb_firmwareMatch-

AND

ststm32f078vbMatch-

Node

ststm32f091cb_firmwareMatch-

AND

ststm32f091cbMatch-

Node

ststm32f091cc_firmwareMatch-

AND

ststm32f091ccMatch-

Node

ststm32f091rb_firmwareMatch-

AND

ststm32f091rbMatch-

Node

ststm32f091rc_firmwareMatch-

AND

ststm32f091rcMatch-

Node

ststm32f091vb_firmwareMatch-

AND

ststm32f091vbMatch-

Node

ststm32f091vc_firmwareMatch-

AND

ststm32f091vcMatch-

Node

ststm32f098cc_firmwareMatch-

AND

ststm32f098ccMatch-

Node

ststm32f098rc_firmwareMatch-

AND

ststm32f098rcMatch-

Node

ststm32f098vc_firmwareMatch-

AND

ststm32f098vcMatch-

Node

ststm32f070c6_firmwareMatch-

AND

ststm32f070c6Match-

Node

ststm32f070cb_firmwareMatch-

AND

ststm32f070cbMatch-

Node

ststm32f070f6_firmwareMatch-

AND

ststm32f070f6Match-

Node

ststm32f070rb_firmwareMatch-

AND

ststm32f070rbMatch-

Node

ststm32f071c8_firmwareMatch-

AND

ststm32f071c8Match-

Node

ststm32f071cb_firmwareMatch-

AND

ststm32f071cbMatch-

Node

ststm32f051t8_firmwareMatch-

AND

ststm32f051t8Match-

Node

ststm32f058c8_firmwareMatch-

AND

ststm32f058c8Match-

Node

ststm32f058r8_firmwareMatch-

AND

ststm32f058r8Match-

Node

ststm32f058t8_firmwareMatch-

AND

ststm32f058t8Match-

Node

ststm32f070c6_firmwareMatch-

AND

ststm32f070c6Match-

Node

ststm32f051k4_firmwareMatch-

AND

ststm32f051k4Match-

Node

ststm32f051k6_firmwareMatch-

AND

ststm32f051k6Match-

Node

ststm32f051k8_firmwareMatch-

AND

ststm32f051k8Match-

Node

ststm32f051r4_firmwareMatch-

AND

ststm32f051r4Match-

Node

ststm32f051r6_firmwareMatch-

AND

ststm32f051r6Match-

Node

ststm32f051r8_firmwareMatch-

AND

ststm32f051r8Match-

Node

ststm32f042t6_firmwareMatch-

AND

ststm32f042t6Match-

Node

ststm32f048c6_firmwareMatch-

AND

ststm32f048c6Match-

Node

ststm32f048g6_firmwareMatch-

AND

ststm32f048g6Match-

Node

ststm32f048t6_firmwareMatch-

AND

ststm32f048t6Match-

Node

ststm32f051c4_firmwareMatch-

AND

ststm32f051c4Match-

Node

ststm32f051c6_firmwareMatch-

AND

ststm32f051c6Match-

Node

ststm32f051c8_firmwareMatch-

AND

ststm32f051c8Match-

Node

ststm32f042f4_firmwareMatch-

AND

ststm32f042f4Match-

Node

ststm32f042f6_firmwareMatch-

AND

ststm32f042f6Match-

Node

ststm32f042g4_firmwareMatch-

AND

ststm32f042g4Match-

Node

ststm32f042g6_firmwareMatch-

AND

ststm32f042g6Match-

Node

ststm32f042k4_firmwareMatch-

AND

ststm32f042k4Match-

Node

ststm32f042k6_firmwareMatch-

AND

ststm32f042k6Match-

Node

ststm32f038c6_firmwareMatch-

AND

ststm32f038c6Match-

Node

ststm32f038e6_firmwareMatch-

AND

ststm32f038e6Match-

Node

ststm32f038f6_firmwareMatch-

AND

ststm32f038f6Match-

Node

ststm32f038g6_firmwareMatch-

AND

ststm32f038g6Match-

Node

ststm32f038k6_firmwareMatch-

AND

ststm32f038k6Match-

Node

ststm32f042c4_firmwareMatch-

AND

ststm32f042c4Match-

Node

ststm32f042c6_firmwareMatch-

AND

ststm32f042c6Match-

Node

ststm32f031e6_firmwareMatch-

AND

ststm32f031e6Match-

Node

ststm32f031f4_firmwareMatch-

AND

ststm32f031f4Match-

Node

ststm32f031f6_firmwareMatch-

AND

ststm32f031f6Match-

Node

ststm32f031g4_firmwareMatch-

AND

ststm32f031g4Match-

Node

ststm32f031g6Match-

AND

ststm32f031g6_firmwareMatch-

Node

ststm32f031k4_firmwareMatch-

AND

ststm32f031k4Match-

Node

ststm32f030f4_firmwareMatch-

AND

ststm32f030f4Match-

Node

ststm32f030k6_firmwareMatch-

AND

ststm32f030k6Match-

Node

ststm32f030r8_firmwareMatch-

AND

ststm32f030r8Match-

Node

ststm32f030rc_firmwareMatch-

AND

ststm32f030rcMatch-

Node

ststm32f031c4Match-

AND

ststm32f031c4_firmwareMatch-

Node

ststm32f031c6Match-

AND

ststm32f031c6_firmwareMatch-

Node

ststm32f030c6Match-

AND

ststm32f030c6_firmwareMatch-

Node

ststm32f030c8Match-

AND

ststm32f030c8_firmwareMatch-

Node

ststm32f030ccMatch-

AND

ststm32f030cc_firmwareMatch-

References

community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32

www.aisec.fraunhofer.de/en/FirmwareProtection.html

www.usenix.org/conference/woot17/workshop-program/presentation/obermaier

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for NVD:CVE-2017-18347

prion1 cvelist1 cve1