HomeStCVE-2017-18347

CVE-2017-18347

MEDIUM
4.6CVSS
Published: 2018-09-12
Updated: 2024-11-21
AI Analysis

Description

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

CVSS Metrics

Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
physical
Complexity
low
Privileges
none
User Action
none
Scope
unchanged
Confidentiality
high
Integrity
none
Availability
none
Weaknesses
CWE-362

Metadata

Primary Vendor
ST
Published
9/12/2018
Last Modified
11/21/2024
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

st : stm32f071rb_firmwarest : stm32f071v8_firmwarest : stm32f071vb_firmwarest : stm32f072c8_firmwarest : stm32f072cb_firmwarest : stm32f072r8_firmwarest : stm32f072rb_firmwarest : stm32f072v8_firmwarest : stm32f072vb_firmwarest : stm32f078cb_firmwarest : stm32f078rb_firmwarest : stm32f078vb_firmwarest : stm32f091cb_firmwarest : stm32f091cc_firmwarest : stm32f091rb_firmwarest : stm32f091rc_firmwarest : stm32f091vb_firmwarest : stm32f091vc_firmwarest : stm32f098cc_firmwarest : stm32f098rc_firmwarest : stm32f098vc_firmwarest : stm32f070c6_firmwarest : stm32f070cb_firmwarest : stm32f070f6_firmwarest : stm32f070rb_firmwarest : stm32f071c8_firmwarest : stm32f071cb_firmwarest : stm32f051t8_firmwarest : stm32f058c8_firmwarest : stm32f058r8_firmwarest : stm32f058t8_firmwarest : stm32f070c6_firmwarest : stm32f051k4_firmwarest : stm32f051k6_firmwarest : stm32f051k8_firmwarest : stm32f051r4_firmwarest : stm32f051r6_firmwarest : stm32f051r8_firmwarest : stm32f042t6_firmwarest : stm32f048c6_firmwarest : stm32f048g6_firmwarest : stm32f048t6_firmwarest : stm32f051c4_firmwarest : stm32f051c6_firmwarest : stm32f051c8_firmwarest : stm32f042f4_firmwarest : stm32f042f6_firmwarest : stm32f042g4_firmwarest : stm32f042g6_firmwarest : stm32f042k4_firmwarest : stm32f042k6_firmwarest : stm32f038c6_firmwarest : stm32f038e6_firmwarest : stm32f038f6_firmwarest : stm32f038g6_firmwarest : stm32f038k6_firmwarest : stm32f042c4_firmwarest : stm32f042c6_firmwarest : stm32f031e6_firmwarest : stm32f031f4_firmwarest : stm32f031f6_firmwarest : stm32f031g4_firmwarest : stm32f031g6_firmwarest : stm32f031k4_firmwarest : stm32f030f4_firmwarest : stm32f030k6_firmwarest : stm32f030r8_firmwarest : stm32f030rc_firmwarest : stm32f031c4_firmwarest : stm32f031c6_firmwarest : stm32f030c6_firmwarest : stm32f030c8_firmwarest : stm32f030cc_firmware

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2017-18347 | MEDIUM Severity | CVEDatabase.com | CVEDatabase.com