4.9

CVE-2017-18347

Exploit

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

Data is provided by the National Vulnerability Database (NVD)
StStm32f071rb Firmware Version-
   StStm32f071rb Version-
StStm32f071v8 Firmware Version-
   StStm32f071v8 Version-
StStm32f071vb Firmware Version-
   StStm32f071vb Version-
StStm32f072c8 Firmware Version-
   StStm32f072c8 Version-
StStm32f072cb Firmware Version-
   StStm32f072cb Version-
StStm32f072r8 Firmware Version-
   StStm32f072r8 Version-
StStm32f072rb Firmware Version-
   StStm32f072rb Version-
StStm32f072v8 Firmware Version-
   StStm32f072v8 Version-
StStm32f072vb Firmware Version-
   StStm32f072vb Version-
StStm32f078cb Firmware Version-
   StStm32f078cb Version-
StStm32f078rb Firmware Version-
   StStm32f078rb Version-
StStm32f078vb Firmware Version-
   StStm32f078vb Version-
StStm32f091cb Firmware Version-
   StStm32f091cb Version-
StStm32f091cc Firmware Version-
   StStm32f091cc Version-
StStm32f091rb Firmware Version-
   StStm32f091rb Version-
StStm32f091rc Firmware Version-
   StStm32f091rc Version-
StStm32f091vb Firmware Version-
   StStm32f091vb Version-
StStm32f091vc Firmware Version-
   StStm32f091vc Version-
StStm32f098cc Firmware Version-
   StStm32f098cc Version-
StStm32f098rc Firmware Version-
   StStm32f098rc Version-
StStm32f098vc Firmware Version-
   StStm32f098vc Version-
StStm32f070c6 Firmware Version-
   StStm32f070c6 Version-
StStm32f070cb Firmware Version-
   StStm32f070cb Version-
StStm32f070f6 Firmware Version-
   StStm32f070f6 Version-
StStm32f070rb Firmware Version-
   StStm32f070rb Version-
StStm32f071c8 Firmware Version-
   StStm32f071c8 Version-
StStm32f071cb Firmware Version-
   StStm32f071cb Version-
StStm32f051t8 Firmware Version-
   StStm32f051t8 Version-
StStm32f058c8 Firmware Version-
   StStm32f058c8 Version-
StStm32f058r8 Firmware Version-
   StStm32f058r8 Version-
StStm32f058t8 Firmware Version-
   StStm32f058t8 Version-
StStm32f070c6 Firmware Version-
   StStm32f070c6 Version-
StStm32f051k4 Firmware Version-
   StStm32f051k4 Version-
StStm32f051k6 Firmware Version-
   StStm32f051k6 Version-
StStm32f051k8 Firmware Version-
   StStm32f051k8 Version-
StStm32f051r4 Firmware Version-
   StStm32f051r4 Version-
StStm32f051r6 Firmware Version-
   StStm32f051r6 Version-
StStm32f051r8 Firmware Version-
   StStm32f051r8 Version-
StStm32f042t6 Firmware Version-
   StStm32f042t6 Version-
StStm32f048c6 Firmware Version-
   StStm32f048c6 Version-
StStm32f048g6 Firmware Version-
   StStm32f048g6 Version-
StStm32f048t6 Firmware Version-
   StStm32f048t6 Version-
StStm32f051c4 Firmware Version-
   StStm32f051c4 Version-
StStm32f051c6 Firmware Version-
   StStm32f051c6 Version-
StStm32f051c8 Firmware Version-
   StStm32f051c8 Version-
StStm32f042f4 Firmware Version-
   StStm32f042f4 Version-
StStm32f042f6 Firmware Version-
   StStm32f042f6 Version-
StStm32f042g4 Firmware Version-
   StStm32f042g4 Version-
StStm32f042g6 Firmware Version-
   StStm32f042g6 Version-
StStm32f042k4 Firmware Version-
   StStm32f042k4 Version-
StStm32f042k6 Firmware Version-
   StStm32f042k6 Version-
StStm32f038c6 Firmware Version-
   StStm32f038c6 Version-
StStm32f038e6 Firmware Version-
   StStm32f038e6 Version-
StStm32f038f6 Firmware Version-
   StStm32f038f6 Version-
StStm32f038g6 Firmware Version-
   StStm32f038g6 Version-
StStm32f038k6 Firmware Version-
   StStm32f038k6 Version-
StStm32f042c4 Firmware Version-
   StStm32f042c4 Version-
StStm32f042c6 Firmware Version-
   StStm32f042c6 Version-
StStm32f031e6 Firmware Version-
   StStm32f031e6 Version-
StStm32f031f4 Firmware Version-
   StStm32f031f4 Version-
StStm32f031f6 Firmware Version-
   StStm32f031f6 Version-
StStm32f031g4 Firmware Version-
   StStm32f031g4 Version-
StStm32f031g6 Firmware Version-
   StStm32f031g6 Version-
StStm32f031k4 Firmware Version-
   StStm32f031k4 Version-
StStm32f030f4 Firmware Version-
   StStm32f030f4 Version-
StStm32f030k6 Firmware Version-
   StStm32f030k6 Version-
StStm32f030r8 Firmware Version-
   StStm32f030r8 Version-
StStm32f030rc Firmware Version-
   StStm32f030rc Version-
StStm32f031c4 Firmware Version-
   StStm32f031c4 Version-
StStm32f031c6 Firmware Version-
   StStm32f031c6 Version-
StStm32f030c6 Firmware Version-
   StStm32f030c6 Version-
StStm32f030c8 Firmware Version-
   StStm32f030c8 Version-
StStm32f030cc Firmware Version-
   StStm32f030cc Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.198
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.