EUVD-2020-5715

Malware in sbrugna...

Design/Logic Flaw

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC 7KM3120-0BA01-1DA0 All versions = V3.2.3 = V3.2.3 = V3.2.3 = V3.2.3 V3.3.0 only when manufactured between LQN231003... and LQN231215... with LQNYYMMDD.... The read out protection of the internal flash of affected devices was not...

PT-2024-2276 · Siemens · Sentron 7Km Pac3220 Ac/Dc +1

Name of the Vulnerable Software and Affected Versions: SENTRON 7KM PAC3120 AC/DC versions V3.2.3 through V3.2.4 SENTRON 7KM PAC3120 DC versions V3.2.3 through V3.2.4 SENTRON 7KM PAC3220 AC/DC versions V3.2.3 through V3.2.4 SENTRON 7KM PAC3220 DC versions V3.2.3 through V3.2.4 Description: A...

PT-2024-39: Readout protection level bypass before the first power-on cycle in GigaDevice Semiconductor products

The vulnerability of readout protection level bypass before the first power-on cycle was identified in series GD32F1x0, GD32F4xx, GD32F3x0 of GigaDevice Semiconductor products. The discovered vulnerability can be exploited by an attacker to take a snapshot of RAM before initialization or to chang...

PT-2024-40: Readout protection level bypass in GigaDevice Semiconductor products

The vulnerability was identified in in series GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, GD32E50x of GigaDevice Semiconductor products. The vulnerability can be exploited by an attacker to run arbitrary shell code in SRAM. Vulnerability status: Confirmed by research Dat...

SUSE CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

STMicroelectronics STM32L4 Access Control Error Vulnerability

The STMicroelectronics STM32L4 is a series of ultra-low power microcontrollers from STMicroelectronics, an Italian and French company. The STMicroelectronics STM32L4 suffers from an access control error vulnerability that stems from the fact that flash readout protection can be degraded from RDP...

CVE-2020-27211

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection APPROTECT can be bypassed by injecting a fault during the boot phase...

CVE-2020-27212

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection RDP can be degraded from RDP level 2 no access via debug interface to level 1 limited access via debug interface by injecting a fault during the boot phase...

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

CVE-2020-27212

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection RDP can be degraded from RDP level 2 no access via debug interface to level 1 limited access via debug interface by injecting a fault during the boot phase...

STMicroelectronics STM32L4 注入漏洞

The STMicroelectronics STM32L4 is a series of ultra-low power microcontrollers from STMicroelectronics, an Italian and French company. The STMicroelectronics STM32L4 suffers from an access control error vulnerability that stems from the fact that flash readout protection can be degraded from RDP...

SoloKeys Solo 加密问题漏洞

SoloKeys Solo is an open source security key. SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token suffers from a security vulnerability that stems from not enforcing the flash readout protection RDP level. This allows an attacker to lower the RDP level...

PT-2021-11316 · Stmicroelectronics · Stm32L4

Name of the Vulnerable Software and Affected Versions: STMicroelectronics STM32L4 devices through 2020-10-19 Description: The issue concerns incorrect access control in the affected devices. Specifically, the flash read-out protection RDP can be degraded from RDP level 2, which allows no access v...

Gigadevice GD32VF103 Firmware Extraction Vulnerability

The Gigadevice GD32VF103 is a Mega Easy microcontroller device. The Gigadevice GD32VF103 Flash Readout Protection suffers from a firmware extraction vulnerability that can be exploited by a physically capable access attacker to submit a special request to obtain firmware from the debug interface...

CVE-2020-13464

The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module...

CVE-2020-13469

The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU...

CVE-2020-13472

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module...

CVE-2020-13472

CVE-2020-13472 describes a vulnerability in Gigadevice GD32F103 devices where the flash memory readout protection can be bypassed by a physical attacker via the debug interface using the DMA module to extract firmware. The connected records corroborate the affected hardware family and the attack ...

CVE-2020-13472

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module...