9.8

CVE-2019-14236

Exploit

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.

Data provided by the National Vulnerability Database (NVD)
St Stm32l0 Firmware, Version: -
   St Stm32l0, Version: -
St Stm32l1 Firmware, Version: -
   St Stm32l1, Version: -
St Stm32f4 Firmware, Version: -
   St Stm32f4, Version: -
St Stm32l4 Firmware, Version: -
   St Stm32l4, Version: -
St Stm32f7 Firmware, Version: -
   St Stm32f7, Version: -
St Stm32h7 Firmware, Version: -
   St Stm32h7, Version: -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
| --- | --- | --- | --- |
| EPSS | FIRST.org | 0.94% | 0.74 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
| --- | --- | --- | --- | --- |
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.